CVE-2021-26845 — Incorrect Authorization in Esoms

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 48.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hitachienergy Esoms

Timeline

PublishedJun 14

Latest updateMay 24

Description

Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDhitachienergy/esoms6.0 — 6.0.4.2.2+1

🔴Vulnerability Details

GHSA

GHSA-r64q-3fpg-c3hr: Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access t↗2022-05-24

▶

CVEList

eSOMS Report Function Vulnerability↗2021-06-14

▶