CVE-2021-45917

CRITICAL Year: 2021
CVSS v3 Score
9.0
Critical
CVSS v2 Score
7.7
High
Weakness Type
CWE-287
View all →

Vulnerability Description

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.

Related Vulnerabilities

CVE-2017-2914

CRITICAL
CVSS:9.0(Critical)

An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid bi...

CWE-2872017

CVE-2020-2018

CRITICAL
CVSS:9.0(Critical)

An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewa...

CWE-2872020

CVE-2020-4427

CRITICAL
CVSS:9.0(Critical)

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafte...

CWE-2872020

CVE-2020-7293

CRITICAL
CVSS:9.0(Critical)

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access con...

CWE-2872020

CVE-2021-27610

CRITICAL
CVSS:9.0(Critical)

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and d...

CWE-2872021