Description
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Related
{"id": "CVE-2021-31937", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-31937", "description": "This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.", "published": "2022-11-25T16:23:14", "modified": "2022-11-25T16:23:14", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "candidate", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2022-11-25T16:23:14", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "kaspersky", "idList": ["KLA12192"]}, {"type": "mscve", "idList": ["MS:CVE-2021-31937"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_91_0_864_37.NASL"]}]}, "score": {"value": 1.5, "vector": "NONE"}, "vulnersScore": 1.5}, "_state": {"dependencies": 1669393398, "score": 1669393643}, "_internal": {"score_hash": "e1c0e60a99a3f48b6f48369ad4e47519"}, "cna_cvss": {}, "cpe": [], "cpe23": [], "cwe": [], "affectedSoftware": [], "affectedConfiguration": [], "cpeConfiguration": {}, "extraReferences": []}
{"mscve": [{"lastseen": "2022-10-03T16:26:41", "description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.", "edition": 1, "cvss3": {}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2021-31937"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-31937", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31937", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-01-11T14:51:00", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.37. It is, therefore, affected by multiple vulnerabilities as referenced in the May 27, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-02T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 91.0.864.37 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-31937", "CVE-2021-31982"], "modified": "2022-06-27T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_91_0_864_37.NASL", "href": "https://www.tenable.com/plugins/nessus/150138", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150138);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/27\");\n\n script_cve_id(\n \"CVE-2021-30521\",\n \"CVE-2021-30522\",\n \"CVE-2021-30523\",\n \"CVE-2021-30524\",\n \"CVE-2021-30525\",\n \"CVE-2021-30526\",\n \"CVE-2021-30527\",\n \"CVE-2021-30528\",\n \"CVE-2021-30529\",\n \"CVE-2021-30530\",\n \"CVE-2021-30531\",\n \"CVE-2021-30532\",\n \"CVE-2021-30533\",\n \"CVE-2021-30534\",\n \"CVE-2021-30535\",\n \"CVE-2021-30536\",\n \"CVE-2021-30537\",\n \"CVE-2021-30538\",\n \"CVE-2021-30539\",\n \"CVE-2021-30540\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/18\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 91.0.864.37 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.37. It is, therefore, affected\nby multiple vulnerabilities as referenced in the May 27, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#may-27-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0c14a42a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31982\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 91.0.864.37 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '91.0.864.37' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2021-12-22T23:18:13", "description": "### *Detect date*:\n05/27/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code, cause denial of service, obtain sensitive information, gain privileges.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-30538](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30538>) \n[CVE-2021-30534](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30534>) \n[CVE-2021-30540](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30540>) \n[CVE-2021-30523](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30523>) \n[CVE-2021-31982](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31982>) \n[CVE-2021-30535](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30535>) \n[CVE-2021-30524](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30524>) \n[CVE-2021-30537](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30537>) \n[CVE-2021-30536](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30536>) \n[CVE-2021-30521](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30521>) \n[CVE-2021-30527](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30527>) \n[CVE-2021-30539](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30539>) \n[CVE-2021-30532](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30532>) \n[CVE-2021-30522](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30522>) \n[CVE-2021-30533](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30533>) \n[CVE-2021-30525](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30525>) \n[CVE-2021-30530](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30530>) \n[CVE-2021-30526](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30526>) \n[CVE-2021-30528](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30528>) \n[CVE-2021-30531](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30531>) \n[CVE-2021-30529](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30529>) \n[CVE-2021-31937](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31937>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2021-30538](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30538>)4.3Warning \n[CVE-2021-30540](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30540>)4.3Warning \n[CVE-2021-30533](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30533>)4.3Warning \n[CVE-2021-30527](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30527>)6.8High \n[CVE-2021-30522](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30522>)6.8High \n[CVE-2021-30521](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30521>)6.8High \n[CVE-2021-30531](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30531>)4.3Warning \n[CVE-2021-30523](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30523>)6.8High \n[CVE-2021-30524](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30524>)6.8High \n[CVE-2021-30535](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30535>)6.8High \n[CVE-2021-30526](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30526>)6.8High \n[CVE-2021-30530](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30530>)6.8High \n[CVE-2021-30525](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30525>)6.8High \n[CVE-2021-30539](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30539>)5.8High \n[CVE-2021-30529](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30529>)6.8High \n[CVE-2021-30528](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30528>)6.8High \n[CVE-2021-30532](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30532>)4.3Warning \n[CVE-2021-30537](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30537>)4.3Warning \n[CVE-2021-30534](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30534>)4.3Warning \n[CVE-2021-30536](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30536>)5.8High\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-27T00:00:00", "type": "kaspersky", "title": "KLA12192 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-31937", "CVE-2021-31982"], "modified": "2021-06-22T00:00:00", "id": "KLA12192", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12192/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
CVE-2021-31937
