← Back

CVE-2021-22267

nvd nist
Published: Feb 9, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).

Affected (11)

Products: Hpe: Web Viewpoint
Hpe
1 product
Web Viewpoint
Configuration A
11 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hpe
Web Viewpoint
From 06.03 to 06.23.01
Web Viewpoint
From 15.08.00 to 19.08.00
Web Viewpoint
From t0320h01\^abw to t0320h01\^acc
Web Viewpoint
From t0952h01\^aaq to t0952h01\^aaw
Web Viewpoint
From t0952l01\^aar to t0952l01\^aax
Web Viewpoint
From t0986h01\^aac to t0986h01\^aai
Web Viewpoint
From t0986l01\^aad to t0986l01\^aaj
Web Viewpoint
Version 15.02.00
Web Viewpoint
Version 15.02.01
Web Viewpoint
Version t0320l01^aby
Web Viewpoint
Version t0320l01^acd
Running on/withPlatform Versions
Hpe
Nonstop
All versions

Related CWEs

CWE-294
Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (6)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.