Lucene search

[email protected]NVD:CVE-2021-41974

HistoryOct 08, 2021 - 4:15 p.m.

CVE-2021-41974

2021-10-0816:15:08

CWE-306

CWE-285

[email protected]

web.nvd.nist.gov

identity verification

unauthorized access

modification

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.004

Percentile

73.4%

JSON

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.

Affected configurations

Nvd

Node

tad_book3_projecttad_book3Range<3.9

VendorProductVersionCPE
tad_book3_projecttad_book3*cpe:2.3:a:tad_book3_project:tad_book3:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tad_book3_project	tad_book3	*	cpe:2.3:a:tad_book3_project:tad_book3::::::::

References

www.twcert.org.tw/tw/cp-132-5173-e21ba-1.html

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.004

Percentile

73.4%

JSON

Related for NVD:CVE-2021-41974

cve1 cvelist1 prion1