CVE-2021-45036

Опубликовано: 28 нояб. 2022

Источник: nvd

CVSS3: 8.7

CVSS3: 7.4

EPSS Низкий

Описание

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

Ссылки

https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps
Vendor Advisory
https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver
Vendor Advisory
https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps
Vendor Advisory
https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena
Release Notes
Vendor Advisory
https://velneo.es/mivelneo/listado-de-cambios-velneo-32/
Release Notes
Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0
https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32
Release Notes
Vendor Advisory
https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps
Vendor Advisory
https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver
Vendor Advisory
https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps
Vendor Advisory
https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena
Release Notes
Vendor Advisory
https://velneo.es/mivelneo/listado-de-cambios-velneo-32/
Release Notes
Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0
https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:velneo:vclient:28.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00439

Низкий

8.7 High

CVSS3

7.4 High

CVSS3

Дефекты

CWE-290

CWE-287

Связанные уязвимости

GHSA-c83p-m9mw-q96q

CVSS3: 7.4

github

около 3 лет назад

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

EPSS

Процентиль: 63%

0.00439

Низкий

8.7 High

CVSS3

7.4 High

CVSS3

Дефекты

CWE-290

CWE-287