Vulnerability Details CVE-2021-33318
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/jchristn/IpMatcher
- https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89
- https://github.com/jchristn/WatsonWebserver
- https://github.com/kaoudis/advisories/blob/main/0-2021.md
- https://github.com/jchristn/IpMatcher
- https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89
- https://github.com/jchristn/WatsonWebserver
- https://github.com/kaoudis/advisories/blob/main/0-2021.md
Products affected by CVE-2021-33318
-
cpe:2.3:a:ipmatcher_project:ipmatcher:-
-
cpe:2.3:a:ipmatcher_project:ipmatcher:1.0.4.1
-
cpe:2.3:a:watsonwebserver_project:watsonwebserver:-
-
cpe:2.3:a:watsonwebserver_project:watsonwebserver:4.1.3