PT-2021-20357 · Etinet · Etinet Backbox E4.09

Published: 2021-06-25 · Updated: 2022-12-20 · CVE-2021-33895

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ETINET BACKBOX E4.09 version 22SEP2020; ETINET BACKBOX H4.09 version T0954V04^AAO
Description: The issue arises from the mismanagement of password access control in ETINET BACKBOX. When a user logs in to the Backbox UI application using the User ID of the process running BBSV, the system procedure USER AUTHENTICATE returns 0, indicating no error, if the user is not running the XYGate application. This leads to BBSV assuming the password is correct.
Recommendations: For ETINET BACKBOX E4.09 version 22SEP2020, update to version E4.10-19OCT2022, which includes the hotfix FIXPAK-19OCT-2022. For ETINET BACKBOX H4.09 version T0954V04^AAO, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2021-33895

Affected Products: Etinet Backbox E4.09