CVE-2021-31410

High

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access…

Vaadin·CWE-402·Published 2021-04-23

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

181 chars

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.

NVDen

181 chars

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.

Una configuración demasiado relajada del servidor de recursos frontend en Vaadin Designer versiones 4.3.0 hasta 4.6.3, permite a atacantes remotos acceder a fuentes del proyecto por medio de una petición HTTP diseñada

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	cve.org	8.6	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
3.1	Primary	cve.org	8.6	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	NVD	8.6	3.9	4.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N