CVE-2021-20104 - Vulnerability Details

Vendors	Products
Machform	Machform

Link	Providers
https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "AppNitro Machform", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions prior to version 16"}]}], "descriptions": [{"lang": "en", "value": "Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php."}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-29T15:31:01", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20104", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AppNitro Machform", "version": {"version_data": [{"version_value": "All versions prior to version 16"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:30:07.637Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20104", "datePublished": "2021-06-29T15:31:01", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.637Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : AppNitro Machform (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions prior to version 16 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Remote Code Execution (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-06-29T15:31:01 (string)

orgId : 5ac1ecc2-367a-4d16-a0b2-35d495ddd0be (string)

shortName : tenable (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : vulnreport@tenable.com (string)

ID : CVE-2021-20104 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : AppNitro Machform (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions prior to version 16 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Remote Code Execution (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/ (string)

refsource : MISC (string)

url : https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/ (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T17:30:07.637Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 5ac1ecc2-367a-4d16-a0b2-35d495ddd0be (string)

assignerShortName : tenable (string)

cveId : CVE-2021-20104 (string)

datePublished : 2021-06-29T15:31:01 (string)

dateReserved : 2020-12-17T00:00:00 (string)

dateUpdated : 2024-08-03T17:30:07.637Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:machform:machform:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD08E317-54C3-4F04-A8AE-98C9FB7C8D45", "versionEndExcluding": "16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php."}, {"lang": "es", "value": "Machform anterior a versi\u00f3n 16, es vulnerable a la ejecuci\u00f3n de c\u00f3digo remota no autenticada debido a un saneamiento insuficiente de los archivos adjuntos cargados con los formularios mediante el archivo upload.php"}], "id": "CVE-2021-20104", "lastModified": "2024-11-21T05:45:55.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-29T16:15:08.213", "references": [{"source": "vulnreport@tenable.com", "url": "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:machform:machform:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DD08E317-54C3-4F04-A8AE-98C9FB7C8D45 (string)

versionEndExcluding : 16 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. (string)

}

1 : { »

lang : es (string)

value : Machform anterior a versión 16, es vulnerable a la ejecución de código remota no autenticada debido a un saneamiento insuficiente de los archivos adjuntos cargados con los formularios mediante el archivo upload.php (string)

}

]

id : CVE-2021-20104 (string)

lastModified : 2024-11-21T05:45:55.803 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.1 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.2 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-06-29T16:15:08.213 (string)

references : [ »

0 : { »

source : vulnreport@tenable.com (string)

url : https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ (string)

}

]

sourceIdentifier : vulnreport@tenable.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-434 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object