← Volver a CVEs

CVE-2021-35048

CRITICAL

9.8

Descripcion

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado6/25/2021

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

fidelissecurity:deceptionfidelissecurity:network

Debilidades (CWE)

CWE-89CWE-89

Referencias

https://support.fidelissecurity.com/hc/en-us/categories/360001842694-Advisories-News-and-Policies(security@fidelissecurity.com)

https://www.securifera.com/blog/2021/06/24/operation-eagle-eye/(security@fidelissecurity.com)

https://support.fidelissecurity.com/hc/en-us/categories/360001842694-Advisories-News-and-Policies(af854a3a-2127-422b-91ae-364da2661108)

https://www.securifera.com/blog/2021/06/24/operation-eagle-eye/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.