7.5

CVE-2021-27400

HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HashicorpVault SwEdition- Version < 1.6.4
HashicorpVault SwEditionenterprise Version < 1.6.4
HashicorpVault SwEdition- Version >= 1.7.0 < 1.7.1
HashicorpVault SwEditionenterprise Version >= 1.7.0 < 1.7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.404
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.