CVE-2021-20706 - OpenCVE

Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Nec	Expresscluster X Singleserversafe Clusterpro X Singleserversafe Expresscluster X Clusterpro X

Configuration 1 [-]

OR	cpe:2.3:a:nec:clusterpro_x::::::windows::*
	cpe:2.3:a:nec:clusterpro_x_singleserversafe::::::windows::*
	cpe:2.3:a:nec:expresscluster_x::::::windows::*
	cpe:2.3:a:nec:expresscluster_x_singleserversafe::::::windows::*

References

Link	Resource
https://jpn.nec.com/security-info/secinfo/nv21-015_en.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: NEC

Published: 2021-11-02T23:30:15

Updated: 2021-12-17T16:10:23

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20706

JSON object: View

NVD Information

Status : Modified

Published: 2021-11-03T00:15:07.930

Modified: 2023-11-07T03:29:13.103

Link: CVE-2021-20706

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "CLUSTERPRO X", "vendor": "NEC Corporation", "versions": [{"status": "affected", "version": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network."}], "problemTypes": [{"descriptions": [{"description": "Improper input Validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-17T16:10:23", "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "shortName": "NEC"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt-info@cyber.jp.nec.com", "ID": "CVE-2021-20706", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CLUSTERPRO X", "version": {"version_data": [{"version_value": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"}]}}]}, "vendor_name": "NEC Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper input Validation"}]}]}, "references": {"reference_data": [{"name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html", "refsource": "MISC", "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"}]}}}}, "cveMetadata": {"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "assignerShortName": "NEC", "cveId": "CVE-2021-20706", "datePublished": "2021-11-02T23:30:15", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2021-12-17T16:10:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nec:clusterpro_x:*:*:*:*:*:windows:*:*", "matchCriteriaId": "109DED36-3D51-4EDF-8187-63F3415BC2B7", "versionEndIncluding": "4.3", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nec:clusterpro_x_singleserversafe:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AADFE051-D950-4027-B9C4-EB53B3881001", "versionEndIncluding": "4.3", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*", "matchCriteriaId": "EBD9B299-1A5E-4329-BC51-606A0EF00822", "versionEndIncluding": "4.3", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*", "matchCriteriaId": "5717B4C8-9622-4A08-9E29-E6B66800CE99", "versionEndIncluding": "4.3", "versionStartIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network."}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n de entrada inadecuada en el WebManager CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante la carga remota de archivos a trav\u00e9s de la red"}], "id": "CVE-2021-20706", "lastModified": "2023-11-07T03:29:13.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-03T00:15:07.930", "references": [{"source": "psirt-info@cyber.jp.nec.com", "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"}], "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}