CVE-2021-32002

EPSS 0.04%
Veröffentlicht 05.08.2021 21:15:11
Zuletzt bearbeitet 21.11.2024 06:06:41
Quelle VulnerabilityReporting@secomea
CVE-Watchlists
Login
Unerledigt
Login

Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Secomea ≫ Sitemanager Firmware Version < 9.5.621256022

Secomea ≫ Sitemanager Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.123

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
VulnerabilityReporting@secomea.com	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://www.secomea.com/support/cybersecurity-advisory

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-32002

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-32002

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-32002

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-32002