CVE-2021-29281

{"id": "CVE-2021-29281", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-07-07T21:15:09.797", "references": [{"url": "https://aminbohio.com/gfi-mail-archiver-15-1-telerik-ui-component-arbitrary-file-upload-unauthenticated-exploit/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cwe.mitre.org/data/definitions/434.html", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/50181", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.gfi.com/products-and-solutions/network-security-solutions/gfi-archiver", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317."}, {"lang": "es", "value": "Una vulnerabilidad en la carga de archivos en GFI Mail Archiver versiones hasta 15.1 incluy\u00e9ndola, por medio de una implementaci\u00f3n no segura del plugin Telerik Web UI, que est\u00e1 afectado por CVE-2014-2217, y CVE-2017-11317"}], "lastModified": "2022-07-15T02:08:55.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gfi:archiver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31909790-5A84-4F63-A326-0D16CB3A524A", "versionEndExcluding": "15.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}