{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T11:04:13.549","vulnerabilities":[{"cve":{"id":"CVE-2021-27913","sourceIdentifier":"security@mautic.org","published":"2021-08-30T16:15:07.457","lastModified":"2024-11-21T05:58:47.220","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0."},{"lang":"es","value":"La función mt_rand es usada para generar tokens de sesión, esta función es criptográficamente defectuosa debido a que su naturaleza es una pseudoaleatoriedad, un atacante puede aprovechar la naturaleza criptográficamente no segura de esta función para enumerar tokens de sesión para cuentas que no están bajo su control. Este problema afecta a:  Mautic versiones anteriores a 3.3.4; versiones anteriores a 4.0.0."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-327"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-338"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.4","matchCriteriaId":"EA7B8AF8-5929-4515-9EFF-9F589FA3FFDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:4.0.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"A4B8FCED-A690-45D0-ACE1-871ADA2080F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:4.0.0:beta:*:*:*:*:*:*","matchCriteriaId":"14D56FFE-E768-4502-BA7E-6B34BFE463B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:4.0.0:rc:*:*:*:*:*:*","matchCriteriaId":"C536B44B-C713-47D1-9EBD-E2D94CB0561E"}]}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3","source":"security@mautic.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}}]}