CVE-2021-45478 - OpenCVE

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Yordam	Library Automation System

Configuration 1 [-]

cpe:2.3:a:yordam:library_automation_system:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-23-0119	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-03-02T08:26:02.908Z

Updated: 2023-03-02T08:26:02.908Z

Reserved: 2021-12-24T13:04:17.903Z

Link: CVE-2021-45478

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-02T09:15:09.223

Modified: 2023-11-07T03:39:51.900

Link: CVE-2021-45478

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2021-45478", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2021-12-24T13:04:17.903Z", "datePublished": "2023-03-02T08:26:02.908Z", "dateUpdated": "2023-03-02T08:26:02.908Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Library Automation System", "vendor": "Yordam Information Technologies", "versions": [{"lessThan": "19.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Oguzhan KARA"}], "datePublic": "2023-03-02T08:20:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.<p>This issue affects Library Automation System: before 19.2.</p>"}], "value": "Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2.\n\n"}], "impacts": [{"capecId": "CAPEC-569", "descriptions": [{"lang": "en", "value": "CAPEC-569 Collect Data as Provided by Users"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-233", "description": "CWE-233 Improper Handling of Parameters", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-03-02T08:26:02.908Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0119"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the software version to >=19.2"}], "value": "Update the software version to >=19.2"}], "source": {"advisory": "TR-23-0119", "defect": ["TR-23-0119"], "discovery": "UNKNOWN"}, "title": "IDOR in Yordam Library Automation System", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}