CVE-2021-41320

Опубликовано: 15 окт. 2021

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded (it can be changed during installation or at any later time).

Ссылки

https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-41320
https://client-connect.iongroup.com/library/content/treasury-management/wallstreet-suite/security/suite-7-4-83/user-passwords/
https://excellium-services.com/cert-xlm-advisory/CVE-2021-41320
Third Party Advisory
https://iongroup.com/ion-treasury/products/wallstreet-suite/
Product
Vendor Advisory
https://client-connect.iongroup.com/library/content/treasury-management/wallstreet-suite/security/suite-7-4-83/user-passwords/
https://excellium-services.com/cert-xlm-advisory/CVE-2021-41320
Third Party Advisory
https://iongroup.com/ion-treasury/products/wallstreet-suite/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iongroup:wallstreet_suite:7.4.83:*:*:*:*:*:x64:*

EPSS

Процентиль: 18%

0.00058

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-qc22-6662-58rj