Lucene search

[email protected]CVE-2021-31410

HistoryApr 23, 2021 - 5:15 p.m.

CVE-2021-31410

2021-04-2317:15:08

CWE-668

CWE-402

[email protected]

web.nvd.nist.gov

cve-2021-31410

vaadin designer

security vulnerability

remote access

http request

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

0.007 Low

EPSS

Percentile

80.2%

JSON

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.

Affected configurations

NVD

Node

vaadindesignerRange4.3.0–4.6.4

CPENameOperatorVersion
vaadin:designervaadin designerlt4.6.4

CPE	Name	Operator	Version
vaadin:designer	vaadin designer	lt	4.6.4

CNA Affected

[
  {
    "product": "Designer",
    "vendor": "Vaadin",
    "versions": [
      {
        "lessThan": "*",
        "status": "affected",
        "version": "4.3.0",
        "versionType": "custom"
      }
    ]
  }
]

References

vaadin.com/security/cve-2021-31410

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

0.007 Low

EPSS

Percentile

80.2%

JSON

Related for CVE-2021-31410

vaadin1 osv1 cvelist1 prion1 nvd1