7.5

CVE-2021-21339

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Typo3Typo3 Version >= 6.2.0 < 6.2.57
Typo3Typo3 Version >= 7.0.0 < 7.6.51
Typo3Typo3 Version >= 8.0.0 < 8.7.40
Typo3Typo3 Version >= 9.0.0 < 9.5.25
Typo3Typo3 Version >= 10.0.0 < 10.4.14
Typo3Typo3 Version >= 11.0.0 < 11.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.335
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
security-advisories@github.com 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://packagist.org/packages/typo3/cms-core
Third Party Advisory
Release Notes