CVE-2021-28248Improper Restriction of Excessive Authentication Attempts in Ehealth

CWE-307Improper Restriction of Excessive Authentication Attempts3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 53.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Broadcom Ehealth
Timeline
PublishedMar 26
Latest updateMay 24

Description

CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDbroadcom/ehealth6.3.2.12

🔴Vulnerability Details

2
GHSA
GHSA-8m4g-7q24-6qwq: ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 62022-05-24
CVEList
CVE-2021-28248: CA eHealth Performance Manager through 62021-03-26
CVE-2021-28248 — Broadcom Ehealth vulnerability | cvebase