CVE-2021-44207

Warning

EPSS 12.36%
Published 21.12.2021 18:15:08
Last modified 07.03.2025 17:12:53
Source cve@mitre.org
Teams watchlist Login
Open Login

Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.

Affected products Warnungen 1 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Acclaimsystems ≫ Usaherds Version <= 7.4.0.1

23.12.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability

Vulnerability

Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Please contact the product developer for support and vulnerability mitigation.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	12.36%	0.937

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0012/MNDT-2021-0012.md

Third Party Advisory

https://www.acclaimsystems.com

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-44207

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44207

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44207

EUVD