CVE-2021-27215

An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user.
Configurations

Configuration 1

cpe:2.3:a:genua:genuagate:10.1:p1:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:10.1:p2:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:10.1:p3:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:10.1:-:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:*:*:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:-:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p1:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p2:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p3:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p4:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p5:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p6:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p7:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p8:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p9:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p10:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p11:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p12:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p13:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p14:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p15:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p16:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p17:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p18:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:*:*:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:p1:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:p2:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:p3:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:p4:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:p5:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:p6:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:-:*:*:*:*:*:*

Information

Published : 2021-03-03 04:15

Updated : 2022-07-12 05:42


NVD link : CVE-2021-27215

Mitre link : CVE-2021-27215

Products Affected
No products.
CWE