Executive Summary

Informations
Name CVE-2021-31403 First vendor Publication 2021-04-23
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Overall CVSS Score 2.5
Base Score 2.5 Environmental Score 2.5
impact SubScore 1.4 Temporal Score 2.5
Exploitabality Sub Score 1
 
Attack Vector Local Attack Complexity High
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact Low
Integrity Impact None Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 1.9 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31403

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-203 Information Exposure Through Discrepancy

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Sources (Detail)

https://github.com/vaadin/framework/pull/12188
https://github.com/vaadin/framework/pull/12190
https://vaadin.com/security/cve-2021-31403
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2024-11-28 13:56:27
  • Multiple Updates
2021-05-04 13:25:36
  • Multiple Updates
2021-05-01 00:22:48
  • Multiple Updates
2021-04-23 21:23:08
  • First insertion