CVE-2021-43136

Опубликовано: 10 нояб. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 6.8

EPSS Средний

Описание

An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform.

Ссылки

http://packetstormsecurity.com/files/164930/FormaLMS-2.4.4-Authentication-Bypass.html
Exploit
Third Party Advisory
VDB Entry
https://blog.hacktivesecurity.com
Third Party Advisory
https://blog.hacktivesecurity.com/index.php/2021/10/05/cve-2021-43136-formalms-the-evil-default-value-that-leads-to-authentication-bypass/
Exploit
Third Party Advisory
https://formalms.org
Vendor Advisory
http://packetstormsecurity.com/files/164930/FormaLMS-2.4.4-Authentication-Bypass.html
Exploit
Third Party Advisory
VDB Entry
https://blog.hacktivesecurity.com
Third Party Advisory
https://blog.hacktivesecurity.com/index.php/2021/10/05/cve-2021-43136-formalms-the-evil-default-value-that-leads-to-authentication-bypass/
Exploit
Third Party Advisory
https://formalms.org
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:formalms:formalms:*:*:*:*:*:*:*:*

Версия до 2.4.4 (включая)

EPSS

Процентиль: 94%

0.1324

Средний

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-r5fr-w3hg-pg7p