MITRE CALDERA 2.8.1 privileges management

A vulnerability has been found in MITRE CALDERA 2.8.1 and classified as critical. Affected by this vulnerability is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field01/13/2022 06:40 AM01/15/2022 12:14 PM
vendorMITREMITRE
nameCALDERACALDERA
version2.8.12.8.1
cwe269 (privilege escalation)269 (privilege escalation)
risk22
cvss3_vuldb_acLL
cvss3_vuldb_prHH
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rcRR
urlhttps://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42562-Improper%20Access%20Control-MITRE%20Calderahttps://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42562-Improper%20Access%20Control-MITRE%20Caldera
cveCVE-2021-42562CVE-2021-42562
cve_assigned16345080001634508000
date1642028400 (01/13/2022)1642028400 (01/13/2022)
cvss2_vuldb_acLL
cvss2_vuldb_auMM
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcURUR
cvss2_vuldb_avAA
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss3_vuldb_avAA
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss2_vuldb_basescore4.74.7
cvss2_vuldb_tempscore4.54.5
cvss3_vuldb_basescore4.34.3
cvss3_vuldb_tempscore4.24.2
cvss3_meta_basescore4.34.3
cvss3_meta_tempscore4.24.2
price_0day$0-$5k$0-$5k
cve_nvd_summaryAn issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users.

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!