CVE-2021-3352

{"id": "CVE-2021-3352", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2021-08-13T16:15:08.203", "references": [{"url": "https://www.mitel.com/support/security-advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0002", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens."}, {"lang": "es", "value": "El kit de Desarrollo de Software de Mitel MiContact Center Business desde versiones 8.0.0.0 hasta 8.1.4.1 y versiones 9.0.0.0 hasta 9.3.1.0, podr\u00eda permitir a un atacante no autenticado acceder (visualizar y modificar) los datos de usuarios sin autorizaci\u00f3n debido a un manejo inapropiado de los tokens."}], "lastModified": "2021-08-25T13:55:20.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D88E019-C98B-4D2A-A50E-2D83F4D53ADB", "versionEndIncluding": "8.1.4.1", "versionStartIncluding": "8.0.0.0"}, {"criteria": "cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBBE93DC-2D14-4D6C-9818-5F5C1FFF9AAD", "versionEndIncluding": "9.3.1.0", "versionStartIncluding": "9.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}