CVE-2021-44523

CRITICAL Year: 2021
CVSS v3 Score
9.1
Critical
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-668
View all →

Vulnerability Description

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries.

Related Vulnerabilities

CVE-2007-3915

CRITICAL
CVSS:9.1(Critical)

Mondo 2.24 has insecure handling of temporary files.

CWE-6682007

CVE-2009-5042

CRITICAL
CVSS:9.1(Critical)

python-docutils allows insecure usage of temporary files

CWE-6682009

CVE-2017-5648

CRITICAL
CVSS:9.1(Critical)

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the...

CWE-6682017

CVE-2020-16263

CRITICAL
CVSS:9.1(Critical)

Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins.

CWE-6682020

CVE-2020-22647

CRITICAL
CVSS:9.1(Critical)

An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions.

CWE-6682020

CVE-2020-5887

CRITICAL
CVSS:9.1(Critical)

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.

CWE-6682020