CVE-2021-28248

Exploit

EPSS 0.24%
Published 26.03.2021 08:15:13
Last modified 21.11.2024 05:59:24
Source cve@mitre.org
Teams watchlist Login
Open Login

CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Broadcom ≫ Ehealth Version <= 6.3.2.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.44

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://n4nj0.github.io/advisories/ca-ehealth-performance-manager/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-28248

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28248

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28248

EUVD