Lucene search

K
cveJpcertCVE-2021-20618
HistoryJan 14, 2021 - 9:15 a.m.

CVE-2021-20618

2021-01-1409:15:13
CWE-269
jpcert
web.nvd.nist.gov
42
cve-2021-20618
privilege chaining
acmailer
authentication bypass
administrative privilege
information disclosure

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.009

Percentile

83.4%

Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.

Affected configurations

Nvd
Vulners
Node
acmaileracmailerRange4.0.2
OR
acmaileracmailer_dbRange1.1.4
VendorProductVersionCPE
acmaileracmailer*cpe:2.3:a:acmailer:acmailer:*:*:*:*:*:*:*:*
acmaileracmailer_db*cpe:2.3:a:acmailer:acmailer_db:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "acmailer and acmailer DB",
    "vendor": "Seeds Co.,Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier"
      }
    ]
  }
]

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.009

Percentile

83.4%

Related for CVE-2021-20618