Lucene search

TwcertCVELIST:CVE-2021-41974

HistoryOct 08, 2021 - 3:15 p.m.

CVE-2021-41974 Tad Book3 - Improper Authorization

2021-10-0815:15:41

CWE-285

twcert

www.cve.org

tad book3

authorization

vulnerability

remote access

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

0.004

Percentile

73.4%

JSON

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.

CNA Affected

[
  {
    "product": "Tad Book3",
    "vendor": "Tad",
    "versions": [
      {
        "lessThanOrEqual": "3.89",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-5173-e21ba-1.html

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

0.004

Percentile

73.4%

JSON

Related for CVELIST:CVE-2021-41974