Lucene search

[email protected]NVD:CVE-2021-45036

HistoryNov 28, 2022 - 4:15 p.m.

CVE-2021-45036

2022-11-2816:15:09

CWE-290

CWE-287

[email protected]

web.nvd.nist.gov

velneo vclient

spoofing

server-based attack

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

0.006 Low

EPSS

Percentile

78.7%

JSON

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims’s username and hashed password to spoof the victim’s id against the server.

Affected configurations

NVD

Node

velneovclientMatch28.1.3

References

doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps

doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver

doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps

doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena

velneo.es/mivelneo/listado-de-cambios-velneo-32/

www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0

www.velneo.com/blog/disponible-la-nueva-version-velneo-32

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

0.006 Low

EPSS

Percentile

78.7%

JSON

Related for NVD:CVE-2021-45036

cvelist1 cve1 prion1