CVE-2021-27780 - OpenCVE

The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Hcltech	Modern Client Management Bigfix Mobile

Configuration 1 [-]

OR	cpe:2.3:a:hcltech:bigfix_mobile::::::::
	cpe:2.3:a:hcltech:modern_client_management::::::::

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098028	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: HCL

Published: 2022-05-09T00:00:00

Updated: 2022-05-27T16:15:14

Reserved: 2021-02-26T00:00:00

Link: CVE-2021-27780

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-27T17:15:07.713

Modified: 2022-06-08T16:11:58.447

Link: CVE-2021-27780

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "HCL BigFix Mobile / Modern Client Management", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "1.x, 2.x"}]}], "datePublic": "2022-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-112", "description": "CWE-112 Missing XML Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-27T16:15:14", "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098028"}], "source": {"discovery": "UNKNOWN"}, "title": " HCL BigFix Mobile / Modern Client Management is vulnerable to unauthenticated XML interaction", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@hcl.com", "DATE_PUBLIC": "2022-05-09T00:00:00.000Z", "ID": "CVE-2021-27780", "STATE": "PUBLIC", "TITLE": " HCL BigFix Mobile / Modern Client Management is vulnerable to unauthenticated XML interaction"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HCL BigFix Mobile / Modern Client Management", "version": {"version_data": [{"version_value": "1.x, 2.x"}]}}]}, "vendor_name": "HCL Software"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-112 Missing XML Validation"}]}]}, "references": {"reference_data": [{"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098028", "refsource": "MISC", "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098028"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "assignerShortName": "HCL", "cveId": "CVE-2021-27780", "datePublished": "2022-05-09T00:00:00", "dateReserved": "2021-02-26T00:00:00", "dateUpdated": "2022-05-27T16:15:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:bigfix_mobile:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA3DEFDE-3119-4DE2-98C4-8FA1AC65B81C", "versionEndExcluding": "2.1", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:modern_client_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "254F8C6D-44D7-4E04-8CE0-C4D793EEAAC0", "versionEndExcluding": "2.1", "versionStartIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment."}, {"lang": "es", "value": "El software puede ser vulnerable tanto a la interacci\u00f3n XML no autenticada como a la inscripci\u00f3n de dispositivos no autenticados"}], "id": "CVE-2021-27780", "lastModified": "2022-06-08T16:11:58.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2022-05-27T17:15:07.713", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098028"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-112"}], "source": "psirt@hcl.com", "type": "Secondary"}]}