CVE-2021-33577

Published: Jun 18, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.

Affected (1)

Products: Cleo: Lexicom

Cleo

1 product

Lexicom

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cleo Lexicom	Version 5.5.0.0

References (4)

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.cleo.com/cleo-lexicom

Source: cve@mitre.org

Product

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.cleo.com/cleo-lexicom

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.