{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T16:51:03.866","vulnerabilities":[{"cve":{"id":"CVE-2021-29281","sourceIdentifier":"cve@mitre.org","published":"2022-07-07T21:15:09.797","lastModified":"2024-11-21T06:00:55.820","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317."},{"lang":"es","value":"Una vulnerabilidad en la carga de archivos en GFI Mail Archiver versiones hasta 15.1 incluyéndola, por medio de una implementación no segura del plugin Telerik Web UI, que está afectado por CVE-2014-2217, y CVE-2017-11317"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gfi:archiver:*:*:*:*:*:*:*:*","versionEndExcluding":"15.2","matchCriteriaId":"31909790-5A84-4F63-A326-0D16CB3A524A"}]}]}],"references":[{"url":"https://aminbohio.com/gfi-mail-archiver-15-1-telerik-ui-component-arbitrary-file-upload-unauthenticated-exploit/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://cwe.mitre.org/data/definitions/434.html","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/50181","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.gfi.com/products-and-solutions/network-security-solutions/gfi-archiver","source":"cve@mitre.org","tags":["Product"]},{"url":"https://aminbohio.com/gfi-mail-archiver-15-1-telerik-ui-component-arbitrary-file-upload-unauthenticated-exploit/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://cwe.mitre.org/data/definitions/434.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/50181","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.gfi.com/products-and-solutions/network-security-solutions/gfi-archiver","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}