ID
VAR-202104-1114
CVE
CVE-2021-30057
TITLE
Knowage Suite Injection vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2021-005157
DESCRIPTION
A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters. Knowage Suite Is vulnerable to injection.Information may be obtained and information may be tampered with
Trust: 1.71
sources:
NVD: CVE-2021-30057 //
JVNDB: JVNDB-2021-005157 //
VULMON: CVE-2021-30057
AFFECTED PRODUCTS
| vendor: | eng | model: | knowage | scope: | lt | version: | 7.4 | Trust: 1.0 |
| vendor: | knowage | model: | knowage | scope: | eq | version: | 7.1 | Trust: 0.8 |
| vendor: | knowage | model: | knowage | scope: | eq | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-005157 //
NVD: CVE-2021-30057
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULMON: CVE-2021-30057 //
JVNDB: JVNDB-2021-005157 //
CNNVD: CNNVD-202104-196 //
NVD: CVE-2021-30057
PROBLEMTYPE DATA
| problemtype: | CWE-74 | Trust: 1.0 |
| problemtype: | injection (CWE-74) [NVD Evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-005157 //
NVD: CVE-2021-30057
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202104-196
TYPE
injection
Trust: 0.6
sources:
CNNVD: CNNVD-202104-196
PATCH
| title: | Top Page | url: | https://www.knowage-suite.com/site/home/ | Trust: 0.8 |
| title: | Knowage Repair measures for injecting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147150 | Trust: 0.6 |
| title: | - | url: | https://github.com/piuppi/Proof-of-Concepts | Trust: 0.1 |
sources:
VULMON: CVE-2021-30057 //
JVNDB: JVNDB-2021-005157 //
CNNVD: CNNVD-202104-196
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-30057 | Trust: 3.3 |
| db: | JVNDB | id: | JVNDB-2021-005157 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202104-196 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2021-30057 | Trust: 0.1 |
sources:
VULMON: CVE-2021-30057 //
JVNDB: JVNDB-2021-005157 //
CNNVD: CNNVD-202104-196 //
NVD: CVE-2021-30057
REFERENCES
| url: | https://github.com/piuppi/proof-of-concepts/blob/main/engineering/htlm-injection-knowagesuite.md | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-30057 | Trust: 1.4 |
| url: | https://cwe.mitre.org/data/definitions/74.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://github.com/piuppi/proof-of-concepts | Trust: 0.1 |
sources:
VULMON: CVE-2021-30057 //
JVNDB: JVNDB-2021-005157 //
CNNVD: CNNVD-202104-196 //
NVD: CVE-2021-30057
SOURCES
| db: | VULMON | id: | CVE-2021-30057 |
| db: | JVNDB | id: | JVNDB-2021-005157 |
| db: | CNNVD | id: | CNNVD-202104-196 |
| db: | NVD | id: | CVE-2021-30057 |
LAST UPDATE DATE
2024-11-23T22:11:00.578000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2021-30057 | date: | 2021-04-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-005157 | date: | 2021-12-08T08:45:00 |
| db: | CNNVD | id: | CNNVD-202104-196 | date: | 2021-04-12T00:00:00 |
| db: | NVD | id: | CVE-2021-30057 | date: | 2024-11-21T06:03:16.410 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2021-30057 | date: | 2021-04-05T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-005157 | date: | 2021-12-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-202104-196 | date: | 2021-04-05T00:00:00 |
| db: | NVD | id: | CVE-2021-30057 | date: | 2021-04-05T11:15:11.697 |