9.8
CVE-2021-22850
- EPSS 0.99%
- Veröffentlicht 19.01.2021 10:15:15
- Zuletzt bearbeitet 21.11.2024 05:50:45
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginHGiga OAKloud Portal - Security Misconfiguration
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hgiga ≫ Oaklouds Portal Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.99% | 0.579 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| twcert@cert.org.tw | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef
https://www.twcert.org.tw/tw/cp-132-4326-3d9d2-1.html