CVE-2021-44522

Summary

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.

Affected Software

VendorProductVersion RangeStatus
SiemensSiPass integrated V2.76All versionsaffected
SiemensSiPass integrated V2.80All versionsaffected
SiemensSiPass integrated V2.85All versionsaffected
SiemensSiveillance Identity V1.5All versionsaffected
SiemensSiveillance Identity V1.6All versions < V1.6.284.0affected

Weaknesses

  • CWE-668: CWE-668: Exposure of Resource to Wrong Sphere

ADP Enrichment

CVE Program Container

Additional References

References