CVE-2021-44524

Опубликовано: 14 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:sipass_integrated:2.76:-:*:*:*:*:*:*

cpe:2.3:a:siemens:sipass_integrated:2.76:sp1:*:*:*:*:*:*

cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*

cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*

cpe:2.3:a:siemens:siveillance_identity:*:*:*:*:*:*:*:*

Версия от 1.6 (включая) до 1.6.284.0 (включая)

cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00582

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-668

CWE-287

Связанные уязвимости

GHSA-7m98-whf4-6699

github

около 4 лет назад