How severe is CVE-2021-32015?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2021-32015?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2021-32015

MEDIUM Year: 2021

CVSS v3 Score

6.0

Medium

CVSS v2 Score

3.6

Low

Weakness Type

CWE-862

View all →

Vulnerability Description

In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update.

CVE-2019-20676

MEDIUM

CVSS:6.0(Medium)

Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, G...

CWE-8622019

CVE-2017-7677

MEDIUM

CVSS:5.9(Medium)

In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.

CWE-8622017

CVE-2019-0201

MEDIUM

CVSS:5.9(Medium)

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and retur...

CWE-8622019

CVE-2020-10746

MEDIUM

CVSS:6.1(Medium)

A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to ...

CWE-8622020

CVE-2020-4175

MEDIUM

CVSS:5.9(Medium)

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit t...

CWE-8622020

CVE-2020-4413

MEDIUM

CVSS:5.9(Medium)

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this v...

CWE-8622020

CVE-2021-32015

Vulnerability Description

Related Vulnerabilities

CVE-2019-20676

CVE-2017-7677

CVE-2019-0201

CVE-2020-10746

CVE-2020-4175

CVE-2020-4413