CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-43999

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.018

EPSS Ranking 81.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.0

References

http://www.openwall.com/lists/oss-security/2022/01/11/7
https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9
http://www.openwall.com/lists/oss-security/2022/01/11/7
https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9

Products affected by CVE-2021-43999

Apache » Guacamole » Version: 1.2.0

cpe:2.3:a:apache:guacamole:1.2.0
Apache » Guacamole » Version: 1.3.0

cpe:2.3:a:apache:guacamole:1.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43999

Products

Pricing

Contact Us