9.8
CVE-2021-44524
- EPSS 0.58%
- Veröffentlicht 14.12.2021 12:15:12
- Zuletzt bearbeitet 21.11.2024 06:31:09
- Quelle productcert@siemens.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens ≫ Sipass Integrated Version2.76 Update-
Siemens ≫ Sipass Integrated Version2.76 Updatesp1
Siemens ≫ Sipass Integrated Version2.80
Siemens ≫ Sipass Integrated Version2.85
Siemens ≫ Siveillance Identity Version >= 1.6 <= 1.6.284.0
Siemens ≫ Siveillance Identity Version1.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.679 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.