7.5
CVE-2021-44522
- EPSS 0.43%
- Veröffentlicht 14.12.2021 12:15:12
- Zuletzt bearbeitet 21.11.2024 06:31:09
- Quelle productcert@siemens.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens ≫ Sipass Integrated Version2.76 Update-
Siemens ≫ Sipass Integrated Version2.76 Updatesp1
Siemens ≫ Sipass Integrated Version2.80
Siemens ≫ Sipass Integrated Version2.85
Siemens ≫ Siveillance Identity Version >= 1.6 <= 1.6.280.0
Siemens ≫ Siveillance Identity Version1.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.597 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.