CVE-2021-44524

Summary

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.

Affected Software

VendorProductVersion RangeStatus
SiemensSiPass integrated V2.76All versionsaffected
SiemensSiPass integrated V2.80All versionsaffected
SiemensSiPass integrated V2.85All versionsaffected
SiemensSiveillance Identity V1.5All versionsaffected
SiemensSiveillance Identity V1.6All versions < V1.6.284.0affected

Weaknesses

  • CWE-668: CWE-668: Exposure of Resource to Wrong Sphere

ADP Enrichment

CVE Program Container

Additional References

References