PT-2021-24122 · Unknown · Sipass Integrated+1

Published: 2021-12-14 · Updated: 2021-12-17 · CVE-2021-44524

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
SiPass integrated versions 2.76 through 2.85
Siveillance Identity versions 1.5 through 1.6.283
Description: The affected applications insufficiently limit access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.
Recommendations: For SiPass integrated versions 2.76 through 2.85, restrict access to the internal user authentication service until a patch is available. For Siveillance Identity versions 1.5 through 1.6.283, consider disabling the authentication service temporarily to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2021-44524

Affected Products

Sipass Integrated
Siveillance Identity