CVE-2021-44523

CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

9.1CRITICAL

EPSS

0.4%

top 38.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Siveillance Identity Siemens Sipass Integrated V2.76 Siemens Sipass Integrated V2.80 +4 more

Timeline

PublishedDec 14

Latest updateDec 15

Description

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages7 packages

▶NVDsiemens/sipass_integrated2.76, 2.80, 2.85+2

▶CVEListV5siemens/sipass_integrated_v2.76All versions

▶CVEListV5siemens/sipass_integrated_v2.80All versions

▶CVEListV5siemens/sipass_integrated_v2.85All versions

▶NVDsiemens/siveillance_identity1.6 — 1.6.280.0+1

🔴Vulnerability Details

GHSA

GHSA-wf58-48gj-3f44: A vulnerability has been identified in SiPass integrated V2↗2021-12-15

▶

CVEList

CVE-2021-44523: A vulnerability has been identified in SiPass integrated V2↗2021-12-14

▶