CVE-2021-44207

Warnung

EPSS 12.36%
Veröffentlicht 21.12.2021 18:15:08
Zuletzt bearbeitet 07.03.2025 17:12:53
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Acclaimsystems ≫ Usaherds Version <= 7.4.0.1

23.12.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability

Schwachstelle

Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Please contact the product developer for support and vulnerability mitigation.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	12.36%	0.937

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0012/MNDT-2021-0012.md

Third Party Advisory

https://www.acclaimsystems.com

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-44207

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44207

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44207

EUVD