Lucene search

TR-CERTCVELIST:CVE-2021-45031

HistoryMar 30, 2022 - 7:55 p.m.

CVE-2021-45031 Weak Authentication in Login Function of USC+

2022-03-3019:55:10

CWE-305

TR-CERT

www.cve.org

vulnerability

mepsan

usc+

weak authentication

high privileged accounts

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

57.5%

JSON

A vulnerability in MEPSAN’s USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "USC+",
    "vendor": "Mepsan",
    "versions": [
      {
        "lessThan": "3.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-22-0269

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

57.5%

JSON

Related for CVELIST:CVE-2021-45031