CVE-2021-41719

{"id": "CVE-2021-41719", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-04T21:15:11.237", "references": [{"url": "https://cvewalkthrough.com/cve-2021-41719-mseb-ios-application-sensitive-information-exposure/", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-598"}]}], "descriptions": [{"lang": "en", "value": "Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 application till version 16.1 communicates using the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources."}, {"lang": "es", "value": "Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 la aplicaci\u00f3n hasta la versi\u00f3n 16.1 se comunica utilizando el m\u00e9todo GET para procesar solicitudes que contienen informaci\u00f3n confidencial como el nombre de la cuenta de usuario y la contrase\u00f1a, que pueden exponer dicha informaci\u00f3n a trav\u00e9s del historial del navegador, referentes, registros web y otras fuentes."}], "lastModified": "2025-03-21T17:15:35.857", "sourceIdentifier": "cve@mitre.org"}