CVE-2021-20707 - Vulnerability Details

Vendors	Products
Nec	Clusterpro X Clusterpro X Singleserversafe Expresscluster X Expresscluster X Singleserversafe

Link	Providers
https://jpn.nec.com/security-info/secinfo/nv21-015_en.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "CLUSTERPRO X", "vendor": "NEC Corporation", "versions": [{"status": "affected", "version": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.."}], "problemTypes": [{"descriptions": [{"description": "Improper input Validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-17T16:10:21", "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "shortName": "NEC"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt-info@cyber.jp.nec.com", "ID": "CVE-2021-20707", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CLUSTERPRO X", "version": {"version_data": [{"version_value": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"}]}}]}, "vendor_name": "NEC Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper input Validation"}]}]}, "references": {"reference_data": [{"name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html", "refsource": "MISC", "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:53:21.206Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"}]}]}, "cveMetadata": {"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "assignerShortName": "NEC", "cveId": "CVE-2021-20707", "datePublished": "2021-11-02T23:30:35", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:53:21.206Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : CLUSTERPRO X (string)

vendor : NEC Corporation (string)

versions : [ »

0 : { »

status : affected (string)

version : CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Improper input Validation (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-12-17T16:10:21 (string)

orgId : f2760a35-e0d8-4637-ac4c-cc1a2de3e282 (string)

shortName : NEC (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://jpn.nec.com/security-info/secinfo/nv21-015_en.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt-info@cyber.jp.nec.com (string)

ID : CVE-2021-20707 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : CLUSTERPRO X (string)

version : { »

version_data : [ »

0 : { »

version_value : CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier (string)

}

]

}

]

}

vendor_name : NEC Corporation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Improper input Validation (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://jpn.nec.com/security-info/secinfo/nv21-015_en.html (string)

refsource : MISC (string)

url : https://jpn.nec.com/security-info/secinfo/nv21-015_en.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T17:53:21.206Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://jpn.nec.com/security-info/secinfo/nv21-015_en.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f2760a35-e0d8-4637-ac4c-cc1a2de3e282 (string)

assignerShortName : NEC (string)

cveId : CVE-2021-20707 (string)

datePublished : 2021-11-02T23:30:35 (string)

dateReserved : 2020-12-17T00:00:00 (string)

dateUpdated : 2024-08-03T17:53:21.206Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nec:clusterpro_x:*:*:*:*:*:windows:*:*", "matchCriteriaId": "109DED36-3D51-4EDF-8187-63F3415BC2B7", "versionEndIncluding": "4.3", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nec:clusterpro_x_singleserversafe:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AADFE051-D950-4027-B9C4-EB53B3881001", "versionEndIncluding": "4.3", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*", "matchCriteriaId": "EBD9B299-1A5E-4329-BC51-606A0EF00822", "versionEndIncluding": "4.3", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*", "matchCriteriaId": "5717B4C8-9622-4A08-9E29-E6B66800CE99", "versionEndIncluding": "4.3", "versionStartIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.."}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n de entrada inadecuada en el Servidor de Transacciones CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante leer archivos cargados a trav\u00e9s de la red"}], "id": "CVE-2021-20707", "lastModified": "2024-11-21T05:47:02.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-03T00:15:07.970", "references": [{"source": "psirt-info@cyber.jp.nec.com", "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"}], "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:nec:clusterpro_x:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : 109DED36-3D51-4EDF-8187-63F3415BC2B7 (string)

versionEndIncluding : 4.3 (string)

versionStartIncluding : 1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:nec:clusterpro_x_singleserversafe:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : AADFE051-D950-4027-B9C4-EB53B3881001 (string)

versionEndIncluding : 4.3 (string)

versionStartIncluding : 1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : EBD9B299-1A5E-4329-BC51-606A0EF00822 (string)

versionEndIncluding : 4.3 (string)

versionStartIncluding : 1.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : 5717B4C8-9622-4A08-9E29-E6B66800CE99 (string)

versionEndIncluding : 4.3 (string)

versionStartIncluding : 1.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de validación de entrada inadecuada en el Servidor de Transacciones CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante leer archivos cargados a través de la red (string)

}

]

id : CVE-2021-20707 (string)

lastModified : 2024-11-21T05:47:02.950 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-11-03T00:15:07.970 (string)

references : [ »

0 : { »

source : psirt-info@cyber.jp.nec.com (string)

url : https://jpn.nec.com/security-info/secinfo/nv21-015_en.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://jpn.nec.com/security-info/secinfo/nv21-015_en.html (string)

}

]

sourceIdentifier : psirt-info@cyber.jp.nec.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object