Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2021-34337 | First vendor Publication | 2023-04-15 |
| Vendor | Cve | Last vendor Modification | 2023-04-25 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 6.3 | ||
| Base Score | 6.3 | Environmental Score | 6.3 |
| impact SubScore | 5.2 | Temporal Score | 6.3 |
| Exploitabality Sub Score | 1 | ||
| Attack Vector | Local | Attack Complexity | High |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34337 |
CPE : Common Platform Enumeration
Sources (Detail)
| Source | Url |
|---|---|
| MISC | https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a... https://gitlab.com/mailman/mailman/-/issues/911 https://gitlab.com/mailman/mailman/-/tags |
Alert History
| Date | Informations |
|---|---|
| 2023-04-26 00:27:27 |
|
| 2023-04-17 17:27:18 |
|
| 2023-04-16 00:27:14 |
|
