5.9
CVE-2021-22267
- EPSS 0.33%
- Veröffentlicht 09.02.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:49:49
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hpe ≫ Web Viewpoint Version >= 06.03 <= 06.23.01
Hpe ≫ Web Viewpoint Version >= 15.08.00 <= 19.08.00
Hpe ≫ Web Viewpoint Version >= t0320h01\^abw <= t0320h01\^acc
Hpe ≫ Web Viewpoint Version >= t0952h01\^aaq <= t0952h01\^aaw
Hpe ≫ Web Viewpoint Version >= t0952l01\^aar <= t0952l01\^aax
Hpe ≫ Web Viewpoint Version >= t0986h01\^aac <= t0986h01\^aai
Hpe ≫ Web Viewpoint Version >= t0986l01\^aad <= t0986l01\^aaj
Hpe ≫ Web Viewpoint Version15.02.00
Hpe ≫ Web Viewpoint Version15.02.01
Hpe ≫ Web Viewpoint Versiont0320l01^aby
Hpe ≫ Web Viewpoint Versiont0320l01^acd
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.529 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-294 Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).