Executive Summary
Information | | | |
---|---|---|---|
Name | CVE-2021-43958 | First vendor Publication | 2022-03-16 |
Vendor | Cve | Last vendor Modification | 2022-03-22 |
Security-Database Scoring CVSS v3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | | | |
---|---|---|---|
Overall CVSS Score | 9.8 | | |
Base Score | 9.8 | Environmental Score | 9.8 |
Impact Sub Score | 5.9 | Temporal Score | 9.8 |
Exploitability Sub Score | 3.9 | | |
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Security-Database Scoring CVSS v2
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) | | | |
---|---|---|---|
CVSS Base Score | 7.5 | Attack Range | Network |
CVSS Impact Score | 6.4 | Attack Complexity | Low |
CVSS Exploit Score | 10 | Authentication | None Required |
Detail
Various REST resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute-force user login credentials via an improper restriction of excessive authentication attempts vulnerability: the REST resources did not check whether users were beyond their max failed login limits and were therefore required to solve a CAPTCHA in addition to providing user credentials for authentication.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43958 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-307 | Improper Restriction of Excessive Authentication Attempts (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Sources (Detail)
Source | Url |
---|---|
MISC | https://jira.atlassian.com/browse/CRUC-8523 https://jira.atlassian.com/browse/FE-7387 |
Alert History
Date | Information |
---|---|
2022-04-23 02:00:10 | |
2022-03-22 21:22:58 | |
2022-03-17 01:57:27 | |
2022-03-17 01:56:24 | |
2022-03-16 17:22:53 | |
2022-03-16 09:22:54 | |