CVE-2021-36751

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/", "name": "https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-Software", "name": "https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-Software", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-798"}, {"lang": "en", "value": "CWE-326"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-36751", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}}, "publishedDate": "2022-01-02T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:encsecurity:datavault:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.1.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-01-13T15:15Z"}