← Back

CVE-2021-44522

nvd nist
Published: Dec 14, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.

Affected (6)

Siemens
2 products
Sipass Integrated
Siveillance Identity
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Siemens
Sipass Integrated
Version 2.76
Sipass Integrated
Version 2.76 sp1
Sipass Integrated
Version 2.80
Sipass Integrated
Version 2.85
Siemens
Siveillance Identity
From 1.6 to 1.6.280.0
Siveillance Identity
Version 1.5

Related CWEs

CWE-668
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (4)

Source: productcert@siemens.com
Vendor Advisory
Source: productcert@siemens.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.