Lucene search

[email protected]CVE-2021-20703

HistoryNov 03, 2021 - 12:15 a.m.

CVE-2021-20703

2021-11-0300:15:07

CWE-120

[email protected]

web.nvd.nist.gov

cve-2021-20703

buffer overflow

transaction server

clusterpro

expresscluster

windows

remote code execution

network vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.2%

JSON

Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.

Affected configurations

NVD

Node

necclusterpro_xRange1.0–4.3windows

necclusterpro_x_singleserversafeRange1.0–4.3windows

necexpresscluster_xRange1.0–4.3windows

necexpresscluster_x_singleserversafeRange1.0–4.3windows

CPENameOperatorVersion
nec:clusterpro_xnec clusterpro xle4.3
nec:clusterpro_x_singleserversafenec clusterpro x singleserversafele4.3
nec:expresscluster_xnec expresscluster xle4.3
nec:expresscluster_x_singleserversafenec expresscluster x singleserversafele4.3

CPE	Name	Operator	Version
nec:clusterpro_x	nec clusterpro x	le	4.3
nec:clusterpro_x_singleserversafe	nec clusterpro x singleserversafe	le	4.3
nec:expresscluster_x	nec expresscluster x	le	4.3
nec:expresscluster_x_singleserversafe	nec expresscluster x singleserversafe	le	4.3

CNA Affected

[
  {
    "product": "CLUSTERPRO X",
    "vendor": "NEC Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
      }
    ]
  }
]

References

jpn.nec.com/security-info/secinfo/nv21-015_en.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for CVE-2021-20703

prion1 cvelist1 nvd1 jvn1