| Publication Date: |
2021-10-12 |
| Last Update: |
2021-10-12 |
| Current Version: |
V1.0 |
| CVSS v3.1 Base Score: |
8.8 |
- Restrict access to the affected systems, especially to port 443/tcp, to trusted IP addresses only
| CVSS v3.1 Base Score |
7.2 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| CVSS v3.1 Base Score |
8.8 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-285: Improper Authorization |
| CVSS v3.1 Base Score |
6.5 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| CVSS v3.1 Base Score |
4.9 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| CVSS v3.1 Base Score |
6.5 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
| CWE: |
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| CVSS v3.1 Base Score |
6.5 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
| CWE: |
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| CVSS v3.1 Base Score |
7.2 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-502: Deserialization of Untrusted Data |
| CVSS v3.1 Base Score |
8.8 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| CVSS v3.1 Base Score |
7.2 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| CVSS v3.1 Base Score |
7.2 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| CVSS v3.1 Base Score |
7.2 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| CVSS v3.1 Base Score |
7.2 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| CVSS v3.1 Base Score |
7.2 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| CVSS v3.1 Base Score |
7.2 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| CVSS v3.1 Base Score |
7.2 |
| CVSS Vector |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
-
Noam Moshe from
Claroty
for coordinated disclosure
https://www.siemens.com/cert/advisories