Lucene search

TwcertCVELIST:CVE-2021-42332

HistoryOct 15, 2021 - 12:00 a.m.

CVE-2021-42332 ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-3

2021-10-1500:00:00

CWE-285

twcert

www.cve.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.0%

JSON

The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters.

CNA Affected

[
  {
    "product": "ShinHer StudyOnline System",
    "vendor": "ShinHer Information Co., LTD.",
    "versions": [
      {
        "lessThanOrEqual": "2021",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-5202-49681-1.html

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.0%

JSON

Related for CVELIST:CVE-2021-42332