Lucene search

MitreCVE-2021-36794

HistoryNov 02, 2021 - 2:15 p.m.

CVE-2021-36794

2021-11-0214:15:13

mitre

web.nvd.nist.gov

cve-2021-36794

siren investigate

tls

security

vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

68.3%

JSON

In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process.

Affected configurations

Nvd

Node

sireninvestigateRange<11.1.4

VendorProductVersionCPE
sireninvestigate*cpe:2.3:a:siren:investigate:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siren	investigate	*	cpe:2.3:a:siren:investigate::::::::

References

community.siren.io/c/announcements

docs.siren.io/index

docs.siren.io/siren-platform-user-guide/11.1/release-notes.html#_security_fixes_3

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

68.3%

JSON

Related for CVE-2021-36794