CWE-358
AllowedImproperly Implemented Security Check for Standard
Abstraction: Base · Status: Draft
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
197 vulnerabilities reference this CWE, most recent first.
GHSA-MRQC-H6P9-G3PJ
Vulnerability from github – Published: 2025-07-26 18:30 – Updated: 2025-07-26 18:30A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-8204"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-26T16:15:25Z",
"severity": "LOW"
},
"details": "A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-mrqc-h6p9-g3pj",
"modified": "2025-07-26T18:30:22Z",
"published": "2025-07-26T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8204"
},
{
"type": "WEB",
"url": "https://news.fmisec.com/comodo-dragon-vulnerability"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.317773"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.317773"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.615647"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P5HG-3XM3-GCJG
Vulnerability from github – Published: 2018-10-17 20:05 – Updated: 2025-01-31 18:51Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-messaging"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0.RELEASE"
},
{
"fixed": "5.0.5.RELEASE"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-messaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.16.RELEASE"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1270"
],
"database_specific": {
"cwe_ids": [
"CWE-358",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:47:59Z",
"nvd_published_at": "2018-04-06T13:29:00Z",
"severity": "CRITICAL"
},
"details": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.",
"id": "GHSA-p5hg-3xm3-gcjg",
"modified": "2025-01-31T18:51:12Z",
"published": "2018-10-17T20:05:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1270"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/0009806debb578e884f6dc98bd1f2dc668020021"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/e0de9126ed8cf25cf141d3e66420da94e350708a"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44796"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227125035/https://www.securityfocus.com/bid/103696"
},
{
"type": "WEB",
"url": "https://pivotal.io/security/cve-2018-1270"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-framework"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2939"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Spring Framework allows applications to expose STOMP over WebSocket endpoints"
}
GHSA-P7MF-J4FJ-4RQ3
Vulnerability from github – Published: 2025-03-24 18:31 – Updated: 2025-03-24 18:31A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests.
{
"affected": [],
"aliases": [
"CVE-2021-26105"
],
"database_specific": {
"cwe_ids": [
"CWE-358",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-24T16:15:16Z",
"severity": "MODERATE"
},
"details": "A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests.",
"id": "GHSA-p7mf-j4fj-4rq3",
"modified": "2025-03-24T18:31:02Z",
"published": "2025-03-24T18:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26105"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-234"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PC5P-G2CG-MR66
Vulnerability from github – Published: 2026-02-09 06:30 – Updated: 2026-03-05 15:30A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed.
The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
{
"affected": [],
"aliases": [
"CVE-2025-66601"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-09T04:15:49Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product does not\nspecify MIME types. When an attacker performs a content sniffing attack,\nmalicious scripts could be executed.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04",
"id": "GHSA-pc5p-g2cg-mr66",
"modified": "2026-03-05T15:30:33Z",
"published": "2026-02-09T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66601"
},
{
"type": "WEB",
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PWFH-MQP3-PQWJ
Vulnerability from github – Published: 2026-05-11 15:29 – Updated: 2026-06-08 23:48Summary
Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with arbitrary values by sending a single crafted PathSwitchRequest.
Impact
A gNB can corrupt Ella Core's stored UE security capabilities for a target UE.
Fix
The PathSwitchRequest handler now compares the received UE Security Capabilities against Ella Core's locally stored values, preserves the stored values on mismatch, returns them in the PathSwitchRequestAcknowledge, and logs the event.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/ellanetworks/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44475"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-11T15:29:37Z",
"nvd_published_at": "2026-05-27T17:16:39Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nElla Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core\u0027s stored UE security capabilities for any UE with arbitrary values by sending a single crafted PathSwitchRequest.\n\n## Impact\n\nA gNB can corrupt Ella Core\u0027s stored UE security capabilities for a target UE.\n\n## Fix\n\nThe PathSwitchRequest handler now compares the received UE Security Capabilities against Ella Core\u0027s locally stored values, preserves the stored values on mismatch, returns them in the PathSwitchRequestAcknowledge, and logs the event.",
"id": "GHSA-pwfh-mqp3-pqwj",
"modified": "2026-06-08T23:48:59Z",
"published": "2026-05-11T15:29:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ellanetworks/core/security/advisories/GHSA-pwfh-mqp3-pqwj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44475"
},
{
"type": "PACKAGE",
"url": "https://github.com/ellanetworks/core"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Ella Core has a UE Security Capability bypass on NGAP PathSwitchRequest"
}
GHSA-PX93-J66Q-3GQM
Vulnerability from github – Published: 2022-07-30 00:00 – Updated: 2022-08-09 00:00Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions
{
"affected": [],
"aliases": [
"CVE-2022-2324"
],
"database_specific": {
"cwe_ids": [
"CWE-290",
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-29T21:15:00Z",
"severity": "HIGH"
},
"details": "Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions",
"id": "GHSA-px93-j66q-3gqm",
"modified": "2022-08-09T00:00:22Z",
"published": "2022-07-30T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2324"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0014"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q863-2F3F-CF77
Vulnerability from github – Published: 2025-12-18 21:31 – Updated: 2026-01-15 21:31BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.
{
"affected": [],
"aliases": [
"CVE-2025-62002"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T21:15:54Z",
"severity": "MODERATE"
},
"details": "BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.",
"id": "GHSA-q863-2f3f-cf77",
"modified": "2026-01-15T21:31:42Z",
"published": "2025-12-18T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62002"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/VA-25-352-01.json"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QFXW-V8QX-VJ3V
Vulnerability from github – Published: 2026-05-11 15:18 – Updated: 2026-06-08 23:48Summary
A radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection, then creates a GTP tunnel towards that radio.
Impact
Downlink user-plane traffic for the targeted UE is redirected to the attacker's radio.
Fix
UE context lookups are now scoped to the sending radio's SCTP association.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/ellanetworks/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44473"
],
"database_specific": {
"cwe_ids": [
"CWE-358",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-11T15:18:47Z",
"nvd_published_at": "2026-05-27T17:16:39Z",
"severity": "HIGH"
},
"details": "## Summary\n\nA radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE\u0027s AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE\u0027s logical NG-connection, then creates a GTP tunnel towards that radio.\n\n## Impact\n\nDownlink user-plane traffic for the targeted UE is redirected to the attacker\u0027s radio.\n\n## Fix\n\nUE context lookups are now scoped to the sending radio\u0027s SCTP association.",
"id": "GHSA-qfxw-v8qx-vj3v",
"modified": "2026-06-08T23:48:51Z",
"published": "2026-05-11T15:18:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ellanetworks/core/security/advisories/GHSA-qfxw-v8qx-vj3v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44473"
},
{
"type": "PACKAGE",
"url": "https://github.com/ellanetworks/core"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Ella Core Vulnerable to UE Downlink Redirection via Forged PDUSessionResourceSetupResponse"
}
GHSA-QHGJ-R7G7-WHQW
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.
{
"affected": [],
"aliases": [
"CVE-2018-16857"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-28T14:29:00Z",
"severity": "MODERATE"
},
"details": "Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation\u0027s password policies apply as expected may not have been re-done after the upgrade.",
"id": "GHSA-qhgj-r7g7-whqw",
"modified": "2022-05-13T01:34:04Z",
"published": "2022-05-13T01:34:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16857"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16857"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-52"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20181127-0001"
},
{
"type": "WEB",
"url": "https://www.samba.org/samba/security/CVE-2018-16857.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QHQ7-RM64-QH84
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-10-27 19:00Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.
{
"affected": [],
"aliases": [
"CVE-2021-34791"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-27T19:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.",
"id": "GHSA-qhq7-rm64-qh84",
"modified": "2022-10-27T19:00:30Z",
"published": "2022-05-24T19:18:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34791"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-natalg-bypass-cpKGqkng"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.