CVE-2021-32077

Exploit

EPSS 0.36%
Veröffentlicht 06.05.2021 23:15:07
Zuletzt bearbeitet 21.11.2024 06:06:48
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Veritystream ≫ Msow Solutions Version < 3.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.575

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers

Third Party Advisory

Exploit

https://www.veritystream.com/legacy/msow-solutions

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-32077

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-32077

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-32077

EUVD