CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-33577

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.5%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md
https://www.cleo.com/cleo-lexicom
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md
https://www.cleo.com/cleo-lexicom

Products affected by CVE-2021-33577

Cleo » Lexicom » Version: 5.5.0.0

cpe:2.3:a:cleo:lexicom:5.5.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-33577

Products

Pricing

Contact Us