Details of VAR-202204-1271

ID

VAR-202204-1271

CVE

CVE-2021-43009

TITLE

OpServices of OpMon Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-019242

DESCRIPTION

A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL. OpServices of OpMon Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

Trust: 1.62

sources: NVD: CVE-2021-43009 // JVNDB: JVNDB-2021-019242

AFFECTED PRODUCTS

vendor:	opservices	model:	opmon	scope:	lte	version:	9.11	Trust: 1.0
vendor:	opservices	model:	opmon	scope:	eq	version:	-	Trust: 0.8
vendor:	opservices	model:	opmon	scope:	-	version:	-	Trust: 0.8
vendor:	opservices	model:	opmon	scope:	lte	version:	9.11 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2021-019242 // NVD: CVE-2021-43009

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-43009
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-202204-2596
value:	MEDIUM
Trust: 0.6

NVD:	CVE-2021-43009
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.8

NVD:	CVE-2021-43009
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2021-43009
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-019242 // NVD: CVE-2021-43009 // CNNVD: CNNVD-202204-2596

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-019242 // NVD: CVE-2021-43009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2596

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202204-2596

CONFIGURATIONS

sources: NVD: CVE-2021-43009

EXTERNAL IDS

db:	NVD	id:	CVE-2021-43009	Trust: 3.2
db:	PACKETSTORM	id:	166619	Trust: 2.4
db:	EXPLOIT-DB	id:	50857	Trust: 2.4
db:	JVNDB	id:	JVNDB-2021-019242	Trust: 0.8
db:	CXSECURITY	id:	WLB-2022040026	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-2596	Trust: 0.6

sources: JVNDB: JVNDB-2021-019242 // NVD: CVE-2021-43009 // CNNVD: CNNVD-202204-2596

REFERENCES

url:	http://packetstormsecurity.com/files/166619/opmon-9.11-cross-site-scripting.html	Trust: 3.0
url:	https://www.exploit-db.com/exploits/50857	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43009	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-43009/	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2022040026	Trust: 0.6

sources: JVNDB: JVNDB-2021-019242 // NVD: CVE-2021-43009 // CNNVD: CNNVD-202204-2596

CREDITS

p3tryx

Trust: 0.6

sources: CNNVD: CNNVD-202204-2596

SOURCES

db:	JVNDB	id:	JVNDB-2021-019242
db:	NVD	id:	CVE-2021-43009
db:	CNNVD	id:	CNNVD-202204-2596

LAST UPDATE DATE

2023-07-22T22:49:56.024000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-019242	date:	2023-07-20T08:16:00
db:	NVD	id:	CVE-2021-43009	date:	2022-04-14T18:51:00
db:	CNNVD	id:	CNNVD-202204-2596	date:	2022-04-15T00:00:00

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-019242	date:	2023-07-20T00:00:00
db:	NVD	id:	CVE-2021-43009	date:	2022-04-08T20:15:00
db:	CNNVD	id:	CNNVD-202204-2596	date:	2022-04-07T00:00:00