CVE-2021-47663

{"id": "CVE-2021-47663", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2025-04-24T10:15:16.703", "references": [{"url": "https://www.sciencedirect.com/science/article/pii/S2351978921001657", "source": "info@cert.vde.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "Due to improper\u00a0JSON Web Tokens implementation an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access."}, {"lang": "es", "value": "Debido a una implementaci\u00f3n incorrecta de tokens web JSON, un atacante remoto no autenticado puede adivinar una ID de sesi\u00f3n v\u00e1lida y, por lo tanto, hacerse pasar por un usuario para obtener acceso completo."}], "lastModified": "2025-04-29T13:52:47.470", "sourceIdentifier": "info@cert.vde.com"}