CVE-2021-20707 - OpenCVE

Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network..

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Nec	Expresscluster X Singleserversafe Clusterpro X Singleserversafe Expresscluster X Clusterpro X

Configuration 1 [-]

OR	cpe:2.3:a:nec:clusterpro_x::::::windows::*
	cpe:2.3:a:nec:clusterpro_x_singleserversafe::::::windows::*
	cpe:2.3:a:nec:expresscluster_x::::::windows::*
	cpe:2.3:a:nec:expresscluster_x_singleserversafe::::::windows::*

References

Link	Resource
https://jpn.nec.com/security-info/secinfo/nv21-015_en.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: NEC

Published: 2021-11-02T23:30:35

Updated: 2021-12-17T16:10:21

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20707

JSON object: View

NVD Information

Status : Modified

Published: 2021-11-03T00:15:07.970

Modified: 2023-11-07T03:29:13.360

Link: CVE-2021-20707

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "CLUSTERPRO X", "vendor": "NEC Corporation", "versions": [{"status": "affected", "version": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.."}], "problemTypes": [{"descriptions": [{"description": "Improper input Validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-17T16:10:21", "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "shortName": "NEC"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt-info@cyber.jp.nec.com", "ID": "CVE-2021-20707", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CLUSTERPRO X", "version": {"version_data": [{"version_value": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"}]}}]}, "vendor_name": "NEC Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper input Validation"}]}]}, "references": {"reference_data": [{"name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html", "refsource": "MISC", "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"}]}}}}, "cveMetadata": {"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "assignerShortName": "NEC", "cveId": "CVE-2021-20707", "datePublished": "2021-11-02T23:30:35", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2021-12-17T16:10:21", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nec:clusterpro_x:*:*:*:*:*:windows:*:*", "matchCriteriaId": "109DED36-3D51-4EDF-8187-63F3415BC2B7", "versionEndIncluding": "4.3", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nec:clusterpro_x_singleserversafe:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AADFE051-D950-4027-B9C4-EB53B3881001", "versionEndIncluding": "4.3", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*", "matchCriteriaId": "EBD9B299-1A5E-4329-BC51-606A0EF00822", "versionEndIncluding": "4.3", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*", "matchCriteriaId": "5717B4C8-9622-4A08-9E29-E6B66800CE99", "versionEndIncluding": "4.3", "versionStartIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.."}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n de entrada inadecuada en el Servidor de Transacciones CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante leer archivos cargados a trav\u00e9s de la red"}], "id": "CVE-2021-20707", "lastModified": "2023-11-07T03:29:13.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-03T00:15:07.970", "references": [{"source": "psirt-info@cyber.jp.nec.com", "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"}], "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}