{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-17T03:08:31.072","vulnerabilities":[{"cve":{"id":"CVE-2021-32744","sourceIdentifier":"security-advisories@github.com","published":"2021-07-21T16:15:08.727","lastModified":"2024-11-21T06:07:39.363","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential \"IDOR\" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases."},{"lang":"es","value":"Collabora Online es una suite de office colaborativa online. En las versiones anteriores a 4.2.17-1 y versión 6.4.9-5, unos atacantes no autenticados pueden obtener acceso a archivos que están abiertos actualmente por otros usuarios en el editor de Collabora Online. Para una explotación con éxito, el atacante debe adivinar el identificador del archivo - la predictibilidad de este identificador de archivo depende de las implementaciones externas de almacenamiento de archivos (esto es una potencial vulnerabilidad \"IDOR\" - Insecure Direct Object Reference -). Las versiones 4.2.17-1 y 6.4.9-5 contienen parches para este problema. No hay ninguna solución conocida, excepto la actualización de la aplicación Collabora Online a una de las versiones parcheadas"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.17-1","matchCriteriaId":"FA98CADA-F443-46F5-98DF-43842E707588"},{"vulnerable":true,"criteria":"cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.9-5","matchCriteriaId":"8FB8B6C7-A4FF-4B5D-A293-649E0915EBB4"}]}]}],"references":[{"url":"https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}