PT-2021-20342 · Luca · Luca
Lasse Wolter
·
Published
2021-06-03
·
Updated
2022-07-12
·
CVE-2021-33840
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Luca versions 1.1.14 and earlier
Description:
The issue allows remote attackers to cause a denial of service by inserting many fake records related to COVID-19. This is because Phone Number data lacks a digital signature.
Recommendations:
For versions 1.1.14 and earlier, consider implementing digital signatures for Phone Number data to prevent the insertion of fake records. As a temporary workaround, restrict access to the server to minimize the risk of exploitation.
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Luca