How severe is CVE-2021-35530?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2021-35530?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2021-35530 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

Related Vulnerabilities

CVE-2019-5455

MEDIUM

CVSS:6.8(Medium)

Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.

CWE-2882019

CVE-2020-1618

MEDIUM

CVSS:6.8(Medium)

On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certa...

CWE-2882020

CVE-2022-26865

MEDIUM

CVSS:6.8(Medium)

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by b...

CWE-2882022

CVE-2025-0549

MEDIUM

CVSS:6.8(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows at...

CWE-2882025

CVE-2018-10841

MEDIUM

CVSS:6.6(Medium)

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool...

CWE-2882018

CVE-2020-13185

MEDIUM

CVSS:6.5(Medium)

Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attac...

CWE-2882020