Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2021-45036
Modified
More InfoOfficial Page
Source-cve-coordination@incibe.es
View Known Exploited Vulnerability (KEV) details
Published At-28 Nov, 2022 | 16:15
Updated At-16 Sep, 2024 | 18:15

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Secondary3.18.7HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CPE Matches

velneo
velneo
>>vclient>>28.1.3
cpe:2.3:a:velneo:vclient:28.1.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE-290Secondarycve-coordination@incibe.es
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-290
Type: Secondary
Source: cve-coordination@incibe.es
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatpscve-coordination@incibe.es
Vendor Advisory
https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vservercve-coordination@incibe.es
Vendor Advisory
https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatpscve-coordination@incibe.es
Vendor Advisory
https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasenacve-coordination@incibe.es
Release Notes
Vendor Advisory
https://velneo.es/mivelneo/listado-de-cambios-velneo-32/cve-coordination@incibe.es
Release Notes
Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0cve-coordination@incibe.es
N/A
https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32cve-coordination@incibe.es
Release Notes
Vendor Advisory
Hyperlink: https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps
Source: cve-coordination@incibe.es
Resource:
Vendor Advisory
Hyperlink: https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver
Source: cve-coordination@incibe.es
Resource:
Vendor Advisory
Hyperlink: https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps
Source: cve-coordination@incibe.es
Resource:
Vendor Advisory
Hyperlink: https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena
Source: cve-coordination@incibe.es
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://velneo.es/mivelneo/listado-de-cambios-velneo-32/
Source: cve-coordination@incibe.es
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0
Source: cve-coordination@incibe.es
Resource: N/A
Hyperlink: https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32
Source: cve-coordination@incibe.es
Resource:
Release Notes
Vendor Advisory
Change History
0Changes found

Details not found