VAR-202102-0254
Vulnerability from variot - Updated: 2023-12-18 13:01A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server. Inspur ClusterEngine Is vulnerable to the insertion or modification of arguments.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Inspur Inspur ClusterEngine is an application software of China Inspur Company. Provides jobs submitted by the software and hardware in the management cluster system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0254",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clusterengine",
"scope": "eq",
"trust": 1.8,
"vendor": "inspur",
"version": "4.0"
},
{
"model": "clusterengine",
"scope": "eq",
"trust": 0.8,
"vendor": "inspur",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016165"
},
{
"db": "NVD",
"id": "CVE-2020-21224"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:inspur:clusterengine:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-21224"
}
]
},
"cve": "CVE-2020-21224",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2020-21224",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-174781",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-21224",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-21224",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1465",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-174781",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-21224",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-174781"
},
{
"db": "VULMON",
"id": "CVE-2020-21224"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016165"
},
{
"db": "NVD",
"id": "CVE-2020-21224"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1465"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server. Inspur ClusterEngine Is vulnerable to the insertion or modification of arguments.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Inspur Inspur ClusterEngine is an application software of China Inspur Company. Provides jobs submitted by the software and hardware in the management cluster system",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-21224"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016165"
},
{
"db": "VULHUB",
"id": "VHN-174781"
},
{
"db": "VULMON",
"id": "CVE-2020-21224"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-21224",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016165",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1465",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-174781",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-21224",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-174781"
},
{
"db": "VULMON",
"id": "CVE-2020-21224"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016165"
},
{
"db": "NVD",
"id": "CVE-2020-21224"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1465"
}
]
},
"id": "VAR-202102-0254",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-174781"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:01:26.177000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ClusterEngine",
"trust": 0.8,
"url": "https://en.inspur.com/en/2402530/2402532/2402583/2404702/2411005/index.html"
},
{
"title": "wave Inspur ClusterEngine Repair measures for parameter injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=143032"
},
{
"title": "Inspur",
"trust": 0.1,
"url": "https://github.com/ns-sp4ce/inspur "
},
{
"title": "Goby_POC",
"trust": 0.1,
"url": "https://github.com/h4ckth3w0r1d/goby_poc "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/elsfa7-110/kenzer-templates "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-21224"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016165"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1465"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-88",
"trust": 1.1
},
{
"problemtype": "Insert or change arguments (CWE-88) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-174781"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016165"
},
{
"db": "NVD",
"id": "CVE-2020-21224"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/ns-sp4ce/inspur/"
},
{
"trust": 2.6,
"url": "https://github.com/ns-sp4ce/inspur/tree/master/clusterenginev4.0%20vul"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-21224"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/88.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ns-sp4ce/inspur"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-174781"
},
{
"db": "VULMON",
"id": "CVE-2020-21224"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016165"
},
{
"db": "NVD",
"id": "CVE-2020-21224"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1465"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-174781"
},
{
"db": "VULMON",
"id": "CVE-2020-21224"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016165"
},
{
"db": "NVD",
"id": "CVE-2020-21224"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1465"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "VULHUB",
"id": "VHN-174781"
},
{
"date": "2021-02-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-21224"
},
{
"date": "2021-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016165"
},
{
"date": "2021-02-22T15:15:12.240000",
"db": "NVD",
"id": "CVE-2020-21224"
},
{
"date": "2021-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1465"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "VULHUB",
"id": "VHN-174781"
},
{
"date": "2021-02-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-21224"
},
{
"date": "2021-11-11T08:53:00",
"db": "JVNDB",
"id": "JVNDB-2020-016165"
},
{
"date": "2021-02-26T20:20:52.610000",
"db": "NVD",
"id": "CVE-2020-21224"
},
{
"date": "2021-03-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1465"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1465"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inspur\u00a0ClusterEngine\u00a0 Argument insertion or modification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016165"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "parameter injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1465"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…