CVE-2021-36921

Опубликовано: 12 авг. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. An attacker can gain administrative access by modifying the response to an authentication check request.

Ссылки

https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0021/FEYE-2021-0021.md
Third Party Advisory
https://github.com/monitorapp-aicc/report/wiki/CVE-2021-36921
Third Party Advisory
https://www.monitorapp.com/waf/
Product
Vendor Advisory
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0021/FEYE-2021-0021.md
Third Party Advisory
https://github.com/monitorapp-aicc/report/wiki/CVE-2021-36921
Third Party Advisory
https://www.monitorapp.com/waf/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:monitorapp:application_insight_manager:*:*:*:*:*:*:*:*

Версия от b107 (включая) до b115 (исключая)

cpe:2.3:a:monitorapp:application_insight_web_application_firewall:-:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.005

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-fj8v-w5xg-jhc7

github

больше 3 лет назад