CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2021-44524

CVSS 9.8v3.1pub. 2021-12-14upd. 2024-11-21

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Siemens Sipass Integrated

    APP
    Siemens
    2.762.802.85
  • Siemens Siveillance Identity

    APP
    Siemens
    1.51.6 – 1.6.284.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2021-45046CRITICAL9.0⚠ KEVten sam produkt

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-defau...

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2021-44523CRITICAL9.1ten sam produkt

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All ve...

CVE-2017-9939CRITICAL9.8ten sam produkt

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an at...

CVE-2021-44524 β€” Siemens β€” Sipass Integrated β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl