Vulnerability Details CVE-2021-45036
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.7%
CVSS Severity
CVSS v3 Score 8.7
References
- https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps
- https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver
- https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps
- https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena
- https://velneo.es/mivelneo/listado-de-cambios-velneo-32/
- https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0
- https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32
- https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps
- https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver
- https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps
- https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena
- https://velneo.es/mivelneo/listado-de-cambios-velneo-32/
- https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0
- https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32