CVE-2021-44522

CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 37.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Siveillance Identity Siemens Sipass Integrated V2.76 Siemens Sipass Integrated V2.80 +4 more

Timeline

PublishedDec 14

Latest updateDec 15

Description

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶NVDsiemens/sipass_integrated2.76, 2.80, 2.85+2

▶CVEListV5siemens/sipass_integrated_v2.76All versions

▶CVEListV5siemens/sipass_integrated_v2.80All versions

▶CVEListV5siemens/sipass_integrated_v2.85All versions

▶NVDsiemens/siveillance_identity1.6 — 1.6.280.0+1

🔴Vulnerability Details

GHSA

GHSA-wv3w-fcvm-p52v: A vulnerability has been identified in SiPass integrated V2↗2021-12-15

▶

CVEList

CVE-2021-44522: A vulnerability has been identified in SiPass integrated V2↗2021-12-14

▶