Lucene search

[email protected]CVE-2021-37468

HistoryJul 25, 2021 - 9:15 p.m.

CVE-2021-37468

2021-07-2521:15:08

CWE-312

[email protected]

web.nvd.nist.gov

cve-2021-37468

nch reflect crm

local user

information disclosure

configuration files

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.8 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.

Affected configurations

NVD

Node

nchreflect_customer_relationship_managementRange≤3.01

CPENameOperatorVersion
nch:reflect_customer_relationship_managementnch reflect customer relationship managementle3.01

CPE	Name	Operator	Version
nch:reflect_customer_relationship_management	nch reflect customer relationship management	le	3.01

References

github.com/0xfml/poc/blob/main/NCH/ReflectCRM_3.01_CC.md

www.nchsoftware.com/crm/index.html

Social References

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.8 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-37468

cvelist1 prion1 nvd1 cnvd1