{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support channel UI session to Cohesity DataPlatform cluster."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-02T14:50:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-28124.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-28124", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support channel UI session to Cohesity DataPlatform cluster."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-28124.md", "refsource": "CONFIRM", "url": "https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-28124.md"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-28124", "datePublished": "2021-04-02T14:50:54", "dateReserved": "2021-03-10T00:00:00", "dateUpdated": "2021-04-02T14:50:54", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cohesity:cohesity_dataplatform:*:*:*:*:*:*:*:*", "matchCriteriaId": "E916355C-0164-402B-96E1-18BCAE584A24", "versionEndIncluding": "6.3.1g", "versionStartIncluding": "6.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cohesity:cohesity_dataplatform:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DC79961-9B21-4D13-97C4-B845CF898149", "versionEndIncluding": "6.4.1c", "versionStartIncluding": "6.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cohesity:cohesity_dataplatform:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA28ADD0-C186-42E1-A533-FDBE19E95673", "versionEndIncluding": "6.5.1b", "versionStartIncluding": "6.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support channel UI session to Cohesity DataPlatform cluster."}, {"lang": "es", "value": "Una vulnerabilidad de tipo man-in-the-middle en el canal de soporte de Cohesity DataPlatform versiones 6.3 hasta 6.3.1g, versiones 6.4 hasta 6.4.1cy, versiones 6.5.1 hasta 6.5.1b. Una falta de autenticaci\u00f3n del servidor en versiones afectadas puede permitir a un atacante tenga acceso de tipo Man-in-the-middle (MITM) en una sesi\u00f3n del canal de soporte de la Interfaz de Usuario en el cl\u00faster Cohesity DataPlatform."}], "id": "CVE-2021-28124", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-02T15:15:13.317", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-28124.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}