CVE-2021-28293

Published: Jun 8, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user.

Affected (1)

Products: Seceon: Aisiem

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Seceon Aisiem	Before 6.3.2

Related CWEs

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (4)

https://0xdb9.in/2021/06/07/cve-2021-28293.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.seceon.com/advanced-siem-aisiem

Source: cve@mitre.org

ProductVendor Advisory

https://0xdb9.in/2021/06/07/cve-2021-28293.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.seceon.com/advanced-siem-aisiem

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.