Vulnerability Details CVE-2021-38137
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.6%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.5
References
- https://www.corero.com/blog/data-sheets-corero-securewatch-managed-services/
- https://www.shielder.it/advisories/corero_secure_watch_managed_services-multiple-broken-access-control/
- https://www.corero.com/blog/data-sheets-corero-securewatch-managed-services/
- https://www.shielder.it/advisories/corero_secure_watch_managed_services-multiple-broken-access-control/
Products affected by CVE-2021-38137
-
cpe:2.3:a:corero:securewatch_managed_services:9.7.2.0020