PT-2021-21121 · Unknown · Echo Sharecare

Nick Nam +1 · Published 2021-07-13 · Updated 2022-05-03 · CVE-2021-36124

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Echo ShareCare version 8.15.5
Description: An issue was discovered where Echo ShareCare does not perform authentication or authorization checks when accessing a subset of sensitive resources. This allows unauthenticated users to access pages that are vulnerable to attacks such as SQL injection.
Recommendations: For Echo ShareCare version 8.15.5, consider restricting access to sensitive resources until a patch is available. As a temporary workaround, implement additional authentication and authorization checks for accessing sensitive pages to minimize the risk of exploitation.

Fix

Missing Authorization

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2021-36124

Affected Products

Echo Sharecare