9.8

CVE-2021-28293

Exploit

EPSS 1.78%
Veröffentlicht 08.06.2021 18:15:08
Zuletzt bearbeitet 21.11.2024 05:59:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Seceon ≫ Aisiem Version < 6.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.78%	0.81

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://0xdb9.in/2021/06/07/cve-2021-28293.html

Third Party Advisory

Exploit

https://www.seceon.com/advanced-siem-aisiem

Vendor Advisory

Product

https://nvd.nist.gov/vuln/detail/CVE-2021-28293

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28293

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28293

EUVD