Vulnerabilites related to microfocus - data_protector
cve-2019-3476
Vulnerability from cvelistv5
Published
2019-03-25 16:07
Modified
2024-08-04 19:12
Severity ?
EPSS score ?
Summary
Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03337614 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Micro Focus Data Protector |
Version: 10.03 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Data Protector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.03"
}
]
}
],
"datePublic": "2019-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:53",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-3476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Data Protector",
"version": {
"version_data": [
{
"version_value": "10.03"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03337614",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-3476",
"datePublished": "2019-03-25T16:07:28",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22517
Vulnerability from cvelistv5
Published
2021-08-05 20:41
Modified
2024-08-03 18:44
Severity ?
EPSS score ?
Summary
A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.microfocus.com/s/article/KM000001460 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Data Protector |
Version: 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:13.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000001460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privileged escalation vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T20:41:05",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000001460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privileged escalation vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.microfocus.com/s/article/KM000001460",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000001460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22517",
"datePublished": "2021-08-05T20:41:05",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:13.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11660
Vulnerability from cvelistv5
Published
2019-09-13 17:21
Modified
2024-08-04 23:03
Severity ?
EPSS score ?
Summary
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03525630 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Data Protector |
Version: 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privileges manipulation.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:28",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privileges manipulation."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03525630",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
},
{
"name": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11660",
"datePublished": "2019-09-13T17:21:26",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:31.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-03-25 17:29
Modified
2024-11-21 04:42
Severity ?
Summary
Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | data_protector | 10.03 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.03:*:*:*:*:*:*:*",
"matchCriteriaId": "55D23EE4-66F3-4DB2-A890-7D0CCEB3B4E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution."
},
{
"lang": "es",
"value": "Ejecuci\u00f3n remota de c\u00f3digo arbitrario en Micro Focus Data Protector, versi\u00f3n 10.03; esta vulnerabilidad podr\u00eda permitir una ejecuci\u00f3n remota de c\u00f3digo arbitrario."
}
],
"id": "CVE-2019-3476",
"lastModified": "2024-11-21T04:42:06.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T17:29:00.810",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-13 18:15
Modified
2024-11-21 04:21
Severity ?
Summary
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | data_protector | * | |
| microfocus | data_protector | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:data_protector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9352B8F-A1F8-4253-A339-1CCBD6C83256",
"versionEndIncluding": "10.04",
"versionStartIncluding": "10.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349F3FA2-ED71-4680-9AC2-13E88A94DF28",
"versionEndIncluding": "10.40",
"versionStartIncluding": "10.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges."
},
{
"lang": "es",
"value": "Una manipulaci\u00f3n de privilegios en Micro Focus Data Protector, versiones 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. Esta vulnerabilidad podr\u00eda ser explotada por parte de un usuario poco privilegiado para ejecutar un binario personalizado con mayores privilegios."
}
],
"id": "CVE-2019-11660",
"lastModified": "2024-11-21T04:21:32.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-13T18:15:10.987",
"references": [
{
"source": "security@opentext.com",
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 05:50
Severity ?
Summary
A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | data_protector | 10.0 | |
| microfocus | data_protector | 10.10 | |
| microfocus | data_protector | 10.20 | |
| microfocus | data_protector | 10.30 | |
| microfocus | data_protector | 10.40 | |
| microfocus | data_protector | 10.50 | |
| microfocus | data_protector | 10.60 | |
| microfocus | data_protector | 10.70 | |
| microfocus | data_protector | 10.80 | |
| microfocus | data_protector | 10.91 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24DC50FA-D787-4715-8B21-C2120D566FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3C11A5-FE44-444C-ABE5-954801CB33DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D06B57-54F9-4405-B499-631D33933702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1C01AB63-5FA4-4800-954A-2218048313A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA8B0B3-580F-40EA-85BB-7490C17F7A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.50:*:*:*:*:*:*:*",
"matchCriteriaId": "909C0404-14C7-4C5C-B5CE-65C83E82EC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.60:*:*:*:*:*:*:*",
"matchCriteriaId": "1110D5DF-270C-443A-98C2-2591118ADBB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D4690EB0-DB47-498C-B0B8-9070019281BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.80:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3AFCF2-C7E7-43D4-B142-34B549BB94A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.91:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C88D11-4FDA-4C19-B6B6-4AFE6E13A133",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data."
},
{
"lang": "es",
"value": "Se ha identificado una posible vulnerabilidad de escalada de privilegios no autorizada en Micro Focus Data Protector. La vulnerabilidad afecta las versiones 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 y 10.91. Un usuario privilegiado puede potencialmente usar inapropiadamente esta funcionalidad y permitir as\u00ed un acceso no intencionado y no autorizado a los datos"
}
],
"id": "CVE-2021-22517",
"lastModified": "2024-11-21T05:50:15.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T21:15:10.953",
"references": [
{
"source": "security@opentext.com",
"url": "https://portal.microfocus.com/s/article/KM000001460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://portal.microfocus.com/s/article/KM000001460"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}