9.8
CVE-2021-43935
- EPSS 0.2%
- Veröffentlicht 15.12.2021 19:15:15
- Zuletzt bearbeitet 21.11.2024 06:30:01
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginThe impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Baxter ≫ Welch Allyn Connex Cardio Version >= 1.0.0 <= 1.1.1
Baxter ≫ Welch Allyn Diagnostic Cardiology Suite Version2.1.0
Baxter ≫ Welch Allyn Rscribe Resting Ecg System Version >= 5.01 <= 7.0.0
Baxter ≫ Welch Allyn Vision Express Holter Analysis System Version >= 6.1.0 <= 6.4.0
Baxter ≫ Welch Allyn Hscribe Holter Analysis System Firmware Version >= 5.01 <= 6.4.0
Baxter ≫ Welch Allyn Q-stress Cardiac Stress Testing System Firmware Version >= 6.0.0 <= 6.3.1
Baxter ≫ Welch Allyn Xscribe Cardiac Stress Testing System Firmware Version >= 5.01 <= 6.3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.419 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| ics-cert@hq.dhs.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.