CVE Vulnerability

CVE-2021-33577

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.cleo.com/cleo-lexicom Product
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:cleo:lexicom:5.5.0.0:*:*:*:*:*:*:*
Information

Published : 2021-06-18 11:15

Updated : 2022-07-12 05:42

NVD link : CVE-2021-33577

Mitre link : CVE-2021-33577

Products Affected
No products.
CWE
NVD-CWE-Other