9.8
CVE-2020-21237
- EPSS 0.41%
- Published 27.12.2021 23:15:08
- Last modified 21.11.2024 05:12:29
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.601 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.