CVE-2021-45035

Опубликовано: 23 сент. 2022

Источник: nvd

CVSS3: 6.3

CVSS3: 5.9

EPSS Низкий

Описание

Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.

Ссылки

https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados
Vendor Advisory
https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/
Vendor Advisory
https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication
Third Party Advisory
https://www.velneo.com/blog/nueva-revision-velneo-29-2
Vendor Advisory
https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados
Vendor Advisory
https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/
Vendor Advisory
https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication
Third Party Advisory
https://www.velneo.com/blog/nueva-revision-velneo-29-2
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:velneo:vclient:28.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00133

Низкий

6.3 Medium

CVSS3

5.9 Medium

CVSS3

Дефекты

CWE-287

CWE-295

Связанные уязвимости

GHSA-pv7f-h3w8-w3jh

CVSS3: 5.9

github

больше 3 лет назад

EPSS

Процентиль: 34%

0.00133

Низкий

6.3 Medium

CVSS3

5.9 Medium

CVSS3

Дефекты

CWE-287

CWE-295