Vulnerability Details CVE-2021-38459
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.9%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 7.5
References
Products affected by CVE-2021-38459
-
cpe:2.3:a:auvesy:versiondog:4.0.0
-
cpe:2.3:a:auvesy:versiondog:4.5.0
-
cpe:2.3:a:auvesy:versiondog:5.0.0
-
cpe:2.3:a:auvesy:versiondog:5.5.0
-
cpe:2.3:a:auvesy:versiondog:6.0.0
-
cpe:2.3:a:auvesy:versiondog:6.5.0
-
cpe:2.3:a:auvesy:versiondog:6.5.1
-
cpe:2.3:a:auvesy:versiondog:6.5.2
-
cpe:2.3:a:auvesy:versiondog:7.0.0
-
cpe:2.3:a:auvesy:versiondog:7.0.1
-
cpe:2.3:a:auvesy:versiondog:7.0.2
-
cpe:2.3:a:auvesy:versiondog:7.5.0