{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T22:38:23.225","vulnerabilities":[{"cve":{"id":"CVE-2021-38502","sourceIdentifier":"security@mozilla.org","published":"2021-11-03T01:15:07.657","lastModified":"2024-11-21T06:17:15.620","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2."},{"lang":"es","value":"Thunderbird ignoró la configuración para requerir seguridad STARTTLS para una conexión SMTP. Un MITM podría llevar a cabo un ataque de degradación para interceptar los mensajes transmitidos, o podría tomar el control de la sesión autenticada para ejecutar los comandos SMTP elegidos por el MITM. Si es configurado un método de autenticación no protegido, el MITM podría obtener también las credenciales de autenticación. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 91.2"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"91.2","matchCriteriaId":"0FDD43C9-F32C-409E-B563-BD137C63A7B8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1733366","source":"security@mozilla.org","tags":["Issue Tracking","Permissions Required","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html","source":"security@mozilla.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.debian.org/security/2022/dsa-5034","source":"security@mozilla.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2021-47/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1733366","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Permissions Required","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.debian.org/security/2022/dsa-5034","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2021-47/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}