CVE Vulnerability

CVE-2021-45036

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

7.4 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication-0 Third Party Advisory
https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena Release Notes Vendor Advisory
https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 Release Notes Vendor Advisory
https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps Vendor Advisory
https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ Release Notes Vendor Advisory
https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps Vendor Advisory
https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:velneo:vclient:28.1.3:*:*:*:*:*:*:*
Information

Published : 2022-11-28 04:15

Updated : 2022-12-01 10:51

NVD link : CVE-2021-45036

Mitre link : CVE-2021-45036

Products Affected
No products.
CWE
CWE-290

Authentication Bypass by Spoofing