CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-32077

Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.5%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers
https://www.veritystream.com/legacy/msow-solutions
https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers
https://www.veritystream.com/legacy/msow-solutions

Products affected by CVE-2021-32077

Veritystream » Msow Solutions » Version: N/A

cpe:2.3:a:veritystream:msow_solutions:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-32077

Products

Pricing

Contact Us