cvelistv5 - cve-2021-43999

CVE-2021-43999 (GCVE-0-2021-43999)

Vulnerability from cvelistv5 – Published: 2022-01-11 22:10 – Updated: 2024-08-04 04:10

Summary

Severity ?

No CVSS data available.

CWE

CWE-287 - Improper Authentication

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2022/01/11/7	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Guacamole	Affected: 1.3.0 Affected: 1.2.0

Credits

We would like to thank Finn Steglich (ETAS) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
          },
          {
            "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Guacamole",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.0"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "We would like to thank Finn Steglich (ETAS) for reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "high"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-12T00:06:11",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
        },
        {
          "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper validation of SAML responses",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-43999",
          "STATE": "PUBLIC",
          "TITLE": "Improper validation of SAML responses"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Guacamole",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1.3.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "1.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "We would like to thank Finn Steglich (ETAS) for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "high"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287 Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
            },
            {
              "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-43999",
    "datePublished": "2022-01-11T22:10:12",
    "dateReserved": "2021-11-18T00:00:00",
    "dateUpdated": "2024-08-04T04:10:17.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:guacamole:1.2.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"19C6CFCC-0796-4201-BEF4-78A6E5A11C85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:guacamole:1.3.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"2526DE35-521D-4709-A0E8-022B430F1AF5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.\"}, {\"lang\": \"es\", \"value\": \"Apache Guacamole versiones 1.2.0 y 1.3.0, no comprueban correctamente las respuestas recibidas de un proveedor de identidad SAML. Si la compatibilidad con SAML est\\u00e1 habilitada, esto puede permitir que un usuario malicioso asuma la identidad de otro usuario de Guacamole\"}]",
      "id": "CVE-2021-43999",
      "lastModified": "2024-11-21T06:30:10.790",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-01-11T22:15:07.627",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2022/01/11/7\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/01/11/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-43999\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-01-11T22:15:07.627\",\"lastModified\":\"2024-11-21T06:30:10.790\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.\"},{\"lang\":\"es\",\"value\":\"Apache Guacamole versiones 1.2.0 y 1.3.0, no comprueban correctamente las respuestas recibidas de un proveedor de identidad SAML. Si la compatibilidad con SAML est\u00e1 habilitada, esto puede permitir que un usuario malicioso asuma la identidad de otro usuario de Guacamole\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:guacamole:1.2.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"19C6CFCC-0796-4201-BEF4-78A6E5A11C85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:guacamole:1.3.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2526DE35-521D-4709-A0E8-022B430F1AF5\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/01/11/7\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/01/11/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-V83C-8HCJ-4545

Vulnerability from github – Published: 2022-02-15 01:44 – Updated: 2022-02-15 01:44

Summary

Improper Authentication in Apache Guacamole

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-43999"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-11T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.",
  "id": "GHSA-v83c-8hcj-4545",
  "modified": "2022-02-15T01:44:10Z",
  "published": "2022-02-15T01:44:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43999"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/guacamole-client"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Authentication in Apache Guacamole"
}

CNVD-2022-04989

Vulnerability from cnvd - Published: 2022-01-19

Title

Apache Guacamole授权问题漏洞

Description

Apache Guacamole是美国阿帕奇（Apache）基金会的一款无客户端的远程桌面网关。该产品支持VNC、RDP和SSH等协议。 Apache Guacamole 1.2.0和1.3.0存在安全漏洞，该漏洞源于Apache Guacamole 1.2.0和1.3.0未能正确地验证从SAML标识提供程序接收到的响应。如果启用了SAML支持，这可能会允许恶意用户冒充另一个Guacamole用户。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Apache Guacamole授权问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-43999

Impacted products

Name
['Apache Guacamole 1.2.0', 'Apache Guacamole 1.3.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-43999"
    }
  },
  "description": "Apache Guacamole\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u65e0\u5ba2\u6237\u7aef\u7684\u8fdc\u7a0b\u684c\u9762\u7f51\u5173\u3002\u8be5\u4ea7\u54c1\u652f\u6301VNC\u3001RDP\u548cSSH\u7b49\u534f\u8bae\u3002\n\nApache Guacamole 1.2.0\u548c1.3.0\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eApache Guacamole 1.2.0\u548c1.3.0\u672a\u80fd\u6b63\u786e\u5730\u9a8c\u8bc1\u4eceSAML\u6807\u8bc6\u63d0\u4f9b\u7a0b\u5e8f\u63a5\u6536\u5230\u7684\u54cd\u5e94\u3002\u5982\u679c\u542f\u7528\u4e86SAML\u652f\u6301\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5141\u8bb8\u6076\u610f\u7528\u6237\u5192\u5145\u53e6\u4e00\u4e2aGuacamole\u7528\u6237\u3002 \u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-04989",
  "openTime": "2022-01-19",
  "patchDescription": "Apache Guacamole\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u65e0\u5ba2\u6237\u7aef\u7684\u8fdc\u7a0b\u684c\u9762\u7f51\u5173\u3002\u8be5\u4ea7\u54c1\u652f\u6301VNC\u3001RDP\u548cSSH\u7b49\u534f\u8bae\u3002\r\n\r\nApache Guacamole 1.2.0\u548c1.3.0\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eApache Guacamole 1.2.0\u548c1.3.0\u672a\u80fd\u6b63\u786e\u5730\u9a8c\u8bc1\u4eceSAML\u6807\u8bc6\u63d0\u4f9b\u7a0b\u5e8f\u63a5\u6536\u5230\u7684\u54cd\u5e94\u3002\u5982\u679c\u542f\u7528\u4e86SAML\u652f\u6301\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5141\u8bb8\u6076\u610f\u7528\u6237\u5192\u5145\u53e6\u4e00\u4e2aGuacamole\u7528\u6237\u3002 \u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Guacamole\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Guacamole 1.2.0",
      "Apache Guacamole 1.3.0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-43999",
  "serverity": "\u4e2d",
  "submitTime": "2022-01-12",
  "title": "Apache Guacamole\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

GSD-2021-43999

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-43999

Aliases

CVE-2021-43999

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-43999",
    "description": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.",
    "id": "GSD-2021-43999"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-43999"
      ],
      "details": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.",
      "id": "GSD-2021-43999",
      "modified": "2023-12-13T01:23:26.205839Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2021-43999",
        "STATE": "PUBLIC",
        "TITLE": "Improper validation of SAML responses"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Guacamole",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "1.3.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "We would like to thank Finn Steglich (ETAS) for reporting this issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": [
        {
          "other": "high"
        }
      ],
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-287 Improper Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
          },
          {
            "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[1.2.0,1.3.0]",
          "affected_versions": "All versions starting from 1.2.0 up to 1.3.0",
          "cvss_v2": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-287",
            "CWE-937"
          ],
          "date": "2022-01-14",
          "description": "Apache Guacamole do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.",
          "fixed_versions": [
            "1.4.0"
          ],
          "identifier": "CVE-2021-43999",
          "identifiers": [
            "CVE-2021-43999"
          ],
          "not_impacted": "All versions before 1.2.0, all versions after 1.3.0",
          "package_slug": "maven/org.apache.guacamole/guacamole-common",
          "pubdate": "2022-01-11",
          "solution": "Upgrade to version 1.4.0 or above.",
          "title": "Improper Authentication",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-43999",
            "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9",
            "http://www.openwall.com/lists/oss-security/2022/01/11/7"
          ],
          "uuid": "0aa78858-58f4-4ba8-8710-0c6a240e242d"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:guacamole:1.2.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:guacamole:1.3.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-43999"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
            },
            {
              "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-01-14T16:16Z",
      "publishedDate": "2022-01-11T22:15Z"
    }
  }
}

FKIE_CVE-2021-43999

Vulnerability from fkie_nvd - Published: 2022-01-11 22:15 - Updated: 2024-11-21 06:30

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	http://www.openwall.com/lists/oss-security/2022/01/11/7	Mailing List, Third Party Advisory
security@apache.org	https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/01/11/7	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9	Mailing List, Vendor Advisory

Impacted products

	Vendor	Product	Version
	apache	guacamole	1.2.0
	apache	guacamole	1.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:guacamole:1.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "19C6CFCC-0796-4201-BEF4-78A6E5A11C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:guacamole:1.3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2526DE35-521D-4709-A0E8-022B430F1AF5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user."
    },
    {
      "lang": "es",
      "value": "Apache Guacamole versiones 1.2.0 y 1.3.0, no comprueban correctamente las respuestas recibidas de un proveedor de identidad SAML. Si la compatibilidad con SAML est\u00e1 habilitada, esto puede permitir que un usuario malicioso asuma la identidad de otro usuario de Guacamole"
    }
  ],
  "id": "CVE-2021-43999",
  "lastModified": "2024-11-21T06:30:10.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-11T22:15:07.627",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202201-0850

Vulnerability from variot - Updated: 2023-12-18 12:16

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user. Apache Guacamole There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apache Guacamole is a clientless remote desktop gateway of the Apache Foundation. The product supports protocols such as VNC, RDP and SSH. No detailed vulnerability details are currently provided

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0850",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "guacamole",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "apache",
        "version": "1.2.0"
      },
      {
        "model": "guacamole",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "apache",
        "version": "1.3.0"
      },
      {
        "model": "guacamole",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04989"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002969"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43999"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:guacamole:1.2.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:guacamole:1.3.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-43999"
      }
    ]
  },
  "cve": "CVE-2021-43999",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-43999",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2022-04989",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-43999",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-43999",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-04989",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202201-892",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04989"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002969"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-892"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user. Apache Guacamole There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apache Guacamole is a clientless remote desktop gateway of the Apache Foundation. The product supports protocols such as VNC, RDP and SSH. No detailed vulnerability details are currently provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-43999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002969"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-04989"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-43999",
        "trust": 3.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/01/11/7",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002969",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-04989",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022011217",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-892",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04989"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002969"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-892"
      }
    ]
  },
  "id": "VAR-202201-0850",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04989"
      }
    ],
    "trust": 0.90092594
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04989"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:16:00.378000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Improper\u00a0validation\u00a0of\u00a0SAML\u00a0responses",
        "trust": 0.8,
        "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
      },
      {
        "title": "Patch for Apache Guacamole Authorization Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/314441"
      },
      {
        "title": "Apache Guacamole Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178164"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04989"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-892"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002969"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43999"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43999"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022011217"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04989"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002969"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-892"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04989"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002969"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-892"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-04989"
      },
      {
        "date": "2023-02-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002969"
      },
      {
        "date": "2022-01-11T22:15:07.627000",
        "db": "NVD",
        "id": "CVE-2021-43999"
      },
      {
        "date": "2022-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-892"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-04989"
      },
      {
        "date": "2023-02-01T04:54:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002969"
      },
      {
        "date": "2022-01-14T16:16:49.483000",
        "db": "NVD",
        "id": "CVE-2021-43999"
      },
      {
        "date": "2022-01-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-892"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-892"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache\u00a0Guacamole\u00a0 Authentication vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002969"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-892"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-43999 (GCVE-0-2021-43999)

GHSA-V83C-8HCJ-4545

CNVD-2022-04989

GSD-2021-43999

FKIE_CVE-2021-43999

VAR-202201-0850

Tags

Sightings

Nomenclature