CVE-2017-15713 - Vulnerability Details

Vendors	Products
Apache	Hadoop

Link	Providers
https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "0.23.0 to 0.23.11"}, {"status": "affected", "version": "2.0.0-alpha to 2.8.2"}, {"status": "affected", "version": "3.0.0-alpha to 3.0.0-beta1"}]}], "datePublic": "2018-01-19T00:00:00", "descriptions": [{"lang": "en", "value": "Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-19T16:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[general] 20180119 CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-01-19T00:00:00", "ID": "CVE-2017-15713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Hadoop", "version": {"version_data": [{"version_value": "0.23.0 to 0.23.11"}, {"version_value": "2.0.0-alpha to 2.8.2"}, {"version_value": "3.0.0-alpha to 3.0.0-beta1"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "[general] 20180119 CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:04:49.292Z"}, "title": "CVE Program Container", "references": [{"name": "[general] 20180119 CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-15713", "datePublished": "2018-01-19T17:00:00Z", "dateReserved": "2017-10-21T00:00:00", "dateUpdated": "2024-09-17T04:08:48.075Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Apache Hadoop (string)

vendor : Apache Software Foundation (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.23.0 to 0.23.11 (string)

}

1 : { »

status : affected (string)

version : 2.0.0-alpha to 2.8.2 (string)

}

2 : { »

status : affected (string)

version : 3.0.0-alpha to 3.0.0-beta1 (string)

}

]

}

]

datePublic : 2018-01-19T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Information Disclosure (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-01-19T16:57:01 (string)

orgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

shortName : apache (string)

}

references : [ »

0 : { »

name : [general] 20180119 CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@apache.org (string)

DATE_PUBLIC : 2018-01-19T00:00:00 (string)

ID : CVE-2017-15713 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Apache Hadoop (string)

version : { »

version_data : [ »

0 : { »

version_value : 0.23.0 to 0.23.11 (string)

}

1 : { »

version_value : 2.0.0-alpha to 2.8.2 (string)

}

2 : { »

version_value : 3.0.0-alpha to 3.0.0-beta1 (string)

}

]

}

]

}

vendor_name : Apache Software Foundation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Information Disclosure (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : [general] 20180119 CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T20:04:49.292Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : [general] 20180119 CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

assignerShortName : apache (string)

cveId : CVE-2017-15713 (string)

datePublished : 2018-01-19T17:00:00Z (string)

dateReserved : 2017-10-21T00:00:00 (string)

dateUpdated : 2024-09-17T04:08:48.075Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*", "matchCriteriaId": "2361D3C0-C442-4FBD-A860-F5708E991EAE", "versionEndIncluding": "0.23.11", "versionStartIncluding": "0.23.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*", "matchCriteriaId": "47B637FE-CA00-45E7-AF2D-D55DE9C758CC", "versionEndIncluding": "2.8.2", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "227941BD-D769-45AD-9D61-7FCA3C2264FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "18BF490A-0865-47C0-A143-0991B40BD259", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*", "matchCriteriaId": "E091799F-203D-4C52-839E-E798770C0287", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*", "matchCriteriaId": "80E53689-C56C-4104-B510-CB4116B898CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*", "matchCriteriaId": "591921C3-F7EA-402E-9C36-2EADF0417C72", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*", "matchCriteriaId": "9FA774A9-81B3-4303-B254-C802B4DC8004", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*", "matchCriteriaId": "877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "25DB127F-4293-4847-A8C4-C7F6B74762EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*", "matchCriteriaId": "E8AE3E25-0726-4039-A3A8-B53F7CF0E638", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "C33530ED-6093-4B4C-AFDB-4DB5EB5878E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "38BCF20D-169E-4847-8880-A223467B8639", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "336DADCF-3302-423D-BFDC-72C031AD1CAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "689B619C-04C4-43C6-B103-DDAAA9C9CC9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "1E457B6F-5F01-45C5-8568-7AF598721AEB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host."}, {"lang": "es", "value": "Vulnerabilidad en Apache Hadoop 0.23.x, 2.x en versiones anteriores a la 2.7.5, 2.8.x en versiones anteriores a la 2.8.3 y 3.0.0-alpha hasta la versi\u00f3n 3.0.0-beta1 permite que un usuario del cl\u00faster exponga archivos privados en propiedad del usuario que ejecuta el proceso del servidor de historial de jobs MapReduce. El usuario malicioso puede construir un archivo de configuraci\u00f3n que contiene directivas XML que referencian archivos sensibles en el host del servidor de historial de jobs MapReduce."}], "id": "CVE-2017-15713", "lastModified": "2024-11-21T03:15:04.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-19T17:29:00.210", "references": [{"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2361D3C0-C442-4FBD-A860-F5708E991EAE (string)

versionEndIncluding : 0.23.11 (string)

versionStartIncluding : 0.23.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 47B637FE-CA00-45E7-AF2D-D55DE9C758CC (string)

versionEndIncluding : 2.8.2 (string)

versionStartIncluding : 2.2.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 227941BD-D769-45AD-9D61-7FCA3C2264FA (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 18BF490A-0865-47C0-A143-0991B40BD259 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:* (string)

matchCriteriaId : E091799F-203D-4C52-839E-E798770C0287 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 80E53689-C56C-4104-B510-CB4116B898CB (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 591921C3-F7EA-402E-9C36-2EADF0417C72 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 9FA774A9-81B3-4303-B254-C802B4DC8004 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:* (string)

matchCriteriaId : 25DB127F-4293-4847-A8C4-C7F6B74762EE (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:* (string)

matchCriteriaId : E8AE3E25-0726-4039-A3A8-B53F7CF0E638 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:* (string)

matchCriteriaId : C33530ED-6093-4B4C-AFDB-4DB5EB5878E0 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:* (string)

matchCriteriaId : 38BCF20D-169E-4847-8880-A223467B8639 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:* (string)

matchCriteriaId : 336DADCF-3302-423D-BFDC-72C031AD1CAD (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:* (string)

matchCriteriaId : 689B619C-04C4-43C6-B103-DDAAA9C9CC9C (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:* (string)

matchCriteriaId : 1E457B6F-5F01-45C5-8568-7AF598721AEB (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad en Apache Hadoop 0.23.x, 2.x en versiones anteriores a la 2.7.5, 2.8.x en versiones anteriores a la 2.8.3 y 3.0.0-alpha hasta la versión 3.0.0-beta1 permite que un usuario del clúster exponga archivos privados en propiedad del usuario que ejecuta el proceso del servidor de historial de jobs MapReduce. El usuario malicioso puede construir un archivo de configuración que contiene directivas XML que referencian archivos sensibles en el host del servidor de historial de jobs MapReduce. (string)

}

]

id : CVE-2017-15713 (string)

lastModified : 2024-11-21T03:15:04.077 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-01-19T17:29:00.210 (string)

references : [ »

0 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91%40%3Cgeneral.hadoop.apache.org%3E (string)

}

]

sourceIdentifier : security@apache.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object