CVE-2021-31926
Published Apr 30, 2021
Last updated 3 years ago
Overview
- Description
- AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTP(S) request directly to the applicable API endpoint (despite not having permission to make changes to the system's network configuration).
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-863
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cubecoders:amp:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A96FE9F0-6B33-4347-8666-8D9C190A49B7",
"versionEndExcluding": "2.1.1.2",
"versionStartIncluding": "2.1.0"
}
],
"operator": "OR"
}
]
}
]