CVE-2021-43271

{"id": "CVE-2021-43271", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2022-06-03T20:15:07.927", "references": [{"url": "https://supportkb.riverbed.com/support/index?page=content&id=S35806", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.)"}, {"lang": "es", "value": "Riverbed AppResponse versiones 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5 y 11.11.5a (cuando est\u00e1n configurados para usar autenticaci\u00f3n local, RADIUS o TACACS) registra los nombres de usuario y las contrase\u00f1as si son introducidos incorrectamente. Si un usuario introduce un nombre de usuario y/o una contrase\u00f1a incorrectos cuando es conectado a la WebUI, estas credenciales intentadas son incluidas en un mensaje de error que es registrado en el archivo de registro de la WebUI. No aparece una entrada en el registro si el nombre de usuario y la contrase\u00f1a proporcionados coinciden correctamente con un conjunto v\u00e1lido de credenciales. Esto tampoco ocurre si AppResponse est\u00e1 configurado para usar autenticaci\u00f3n SAML. El archivo de registro de WebUI es incluido en posteriores volcados de diagn\u00f3stico del sistema que son generados. (S\u00f3lo los usuarios con acceso de Control Total al permiso de Configuraci\u00f3n del Sistema pueden generar volcados del sistema. Por defecto, s\u00f3lo los administradores del sistema presentan acceso de control total al permiso de configuraci\u00f3n del sistema)"}], "lastModified": "2022-06-15T13:46:11.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:riverbed:appresponse:11.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB80D9D8-8B80-4DD3-AAB2-C9DC3EE5E9CB"}, {"criteria": "cpe:2.3:a:riverbed:appresponse:11.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F548E09-F16F-4B71-957A-E6B3F2A7833E"}, {"criteria": "cpe:2.3:a:riverbed:appresponse:11.8.5a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "696D3993-A775-44D8-B8EC-96DF77519033"}, {"criteria": "cpe:2.3:a:riverbed:appresponse:11.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9112037-727C-40DF-8233-BDC92F0EC50C"}, {"criteria": "cpe:2.3:a:riverbed:appresponse:11.9.0a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0169E02-990C-4013-8306-84F78E41EF94"}, {"criteria": "cpe:2.3:a:riverbed:appresponse:11.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78DFCF3C-4704-41AD-AAE6-6902BBEBFAFA"}, {"criteria": "cpe:2.3:a:riverbed:appresponse:11.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42EF849B-E3EC-467B-BAD6-DBCE3BF40A91"}, {"criteria": "cpe:2.3:a:riverbed:appresponse:11.11.0a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F54E3343-317E-4538-90EF-78E98A9979D9"}, {"criteria": "cpe:2.3:a:riverbed:appresponse:11.11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B13A15D-8AA1-42A3-B7E6-51E705BC2B44"}, {"criteria": "cpe:2.3:a:riverbed:appresponse:11.11.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B1E083F-9DBE-48A3-A4FE-2062D53D2AFD"}, {"criteria": "cpe:2.3:a:riverbed:appresponse:11.11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5894DB2D-C675-4C06-BF55-256C0D63036B"}, {"criteria": "cpe:2.3:a:riverbed:appresponse:11.11.5a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "180FA3E1-AF81-48E3-AE02-43C0F57412F2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}