CVE-2021-32002

EPSS 0.23%
Veröffentlicht 05.08.2021 21:15:11
Zuletzt bearbeitet 21.11.2024 06:06:41
Quelle VulnerabilityReporting@secomea
CVE-Watchlists
Login
Unerledigt
Login

SiteManager troubleshooter allows access without authentication from local network

Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Secomea ≫ Sitemanager Firmware Version < 9.5.621256022

Secomea ≫ Sitemanager Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.135

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
VulnerabilityReporting@secomea.com	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://www.secomea.com/support/cybersecurity-advisory

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-32002

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-32002

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-32002

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-32002