PT-2021-20212 · Cleo · Cleo Lexicom

Stephen Breen · Published 2021-06-18 · Updated 2022-07-12 · CVE-2021-33577

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Cleo LexiCom version 5.5.0.0
Description: The requirement that the sender of an AS2 message identify itself by encrypting and signing the message can be bypassed by changing the message's Content-Type to text/plain.
Recommendations: For Cleo LexiCom version 5.5.0.0, as a temporary workaround, consider restricting changes to the Content-Type of AS2 messages so that the sender identification requirement cannot be bypassed. At the moment, there is no information about a newer version that contains a fix for this issue.
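As an added illustration (not Cleo's code and not part of this advisory), the following Python sketch shows the kind of receiver-side pre-check the workaround above implies: refuse an AS2 message whose outer Content-Type does not announce an S/MIME envelope or signature, so that a text/plain body never reaches the stage where the sender is trusted. The S/MIME media types and parameters are those defined in RFC 4130 and RFC 8551; the policy flag, function names, `Decision` type and sample headers are assumptions constructed for the example.

```python
"""Reject AS2 messages that arrive without the expected cryptographic envelope.

Defensive pre-check sketch (an illustration added here, not Cleo's code):
before an AS2 receiver attempts to decrypt or verify a message, confirm that
the outer Content-Type actually announces an S/MIME envelope or signature.
A message whose outer type is text/plain carries neither, so it cannot
satisfy a "must be encrypted and signed" policy and is rejected up front.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    accepted: bool
    reason: str


def parse_content_type(header: str) -> tuple[str, dict[str, str]]:
    """Split 'type/subtype; a=b; c="d"' into the media type and its parameters.

    The media type and parameter names are case-insensitive and are lowered;
    parameter values are kept as sent (only surrounding quotes are stripped),
    since some values, such as MIME boundaries, are case-sensitive.
    """
    parts = [p.strip() for p in header.split(";")]
    media_type = parts[0].lower()
    params: dict[str, str] = {}
    for part in parts[1:]:
        if "=" not in part:
            continue
        key, _, value = part.partition("=")
        params[key.strip().lower()] = value.strip().strip('"')
    return media_type, params


# RFC 8551 media type plus the legacy alias still emitted by some stacks.
_PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def check_as2_content_type(header: str, require_encryption: bool = True) -> Decision:
    """Decide whether a message may enter the decrypt/verify stage at all.

    A policy that demands encryption AND signing is satisfied only by an
    enveloped-data (encrypted) outer layer; the signature is then verified on
    the inner content after decryption.  With require_encryption=False a
    signed-only outer layer (multipart/signed or smime-type=signed-data) is
    also acceptable.  Anything else, text/plain included, is rejected before
    any partner-specific processing happens.
    """
    media_type, params = parse_content_type(header)

    if media_type in _PKCS7_MIME:
        smime_type = params.get("smime-type", "").lower()
        if smime_type == "enveloped-data":
            return Decision(True, "encrypted S/MIME envelope")
        if smime_type == "signed-data" and not require_encryption:
            return Decision(True, "signed S/MIME (encryption not required)")
        return Decision(False, f"pkcs7-mime with smime-type={smime_type!r} does not satisfy policy")

    if media_type == "multipart/signed" and not require_encryption:
        if params.get("protocol", "").lower() == "application/pkcs7-signature":
            return Decision(True, "clear-signed multipart (encryption not required)")
        return Decision(False, "multipart/signed with unexpected protocol")

    return Decision(False, f"unprotected outer Content-Type {media_type!r}")


# Constructed sample headers for demonstration only.
SAMPLE_HEADERS = {
    "encrypted": 'application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"',
    "signed_only": 'multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="xyz"',
    "plain": "text/plain; charset=utf-8",
}

if __name__ == "__main__":
    for label, header in SAMPLE_HEADERS.items():
        d = check_as2_content_type(header)
        print(f"{label:12} -> {'ACCEPT' if d.accepted else 'REJECT'}: {d.reason}")
```

The check runs before any cryptographic work and before the sender's identity is looked up, so the decision depends only on the configured policy and the announced outer type; a gateway can log the rejection reason per partner to spot repeated attempts to deliver unprotected AS2 traffic.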

Related Identifiers

CVE-2021-33577

Affected Products

Cleo Lexicom