exploitDog

CVE-2021-28293

Опубликовано: 08 июн. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user.

Ссылки

https://0xdb9.in/2021/06/07/cve-2021-28293.html
Exploit
Third Party Advisory
https://www.seceon.com/advanced-siem-aisiem
Product
Vendor Advisory
https://0xdb9.in/2021/06/07/cve-2021-28293.html
Exploit
Third Party Advisory
https://www.seceon.com/advanced-siem-aisiem
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:seceon:aisiem:*:*:*:*:*:*:*:*

Версия до 6.3.2 (исключая)

EPSS

Процентиль: 82%

0.0178

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-640

Связанные уязвимости

GHSA-xqx5-9rjr-cjq9

CVSS3: 9.8

github

больше 3 лет назад

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user.

EPSS

Процентиль: 82%

0.0178

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-640