exploitDog

CVE-2021-33577

Опубликовано: 18 июн. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.

Ссылки

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md
Exploit
Third Party Advisory
https://www.cleo.com/cleo-lexicom
Product
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md
Exploit
Third Party Advisory
https://www.cleo.com/cleo-lexicom
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cleo:lexicom:5.5.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00115

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-2c7q-mc2r-gx7m

CVSS3: 5.3

github

около 3 лет назад

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.

EPSS

Процентиль: 31%

0.00115

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-Other