CVE-2021-32077

Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII.
Configurations

Configuration 1 (hide)

cpe:2.3:a:veritystream:msow_solutions:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:06

Type Values Removed Values Added
References () https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers - Exploit, Third Party Advisory () https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers - Exploit, Third Party Advisory
References () https://www.veritystream.com/legacy/msow-solutions - Vendor Advisory () https://www.veritystream.com/legacy/msow-solutions - Vendor Advisory

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-200 NVD-CWE-Other

19 May 2021, 18:46

Type Values Removed Values Added
References (MISC) https://www.veritystream.com/legacy/msow-solutions - (MISC) https://www.veritystream.com/legacy/msow-solutions - Vendor Advisory
References (MISC) https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers - (MISC) https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers - Exploit, Third Party Advisory
CWE CWE-200
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CPE cpe:2.3:a:veritystream:msow_solutions:*:*:*:*:*:*:*:*

Information

Published : 2021-05-06 23:15

Updated : 2024-11-21 06:06


NVD link : CVE-2021-32077

Mitre link : CVE-2021-32077

CVE.ORG link : CVE-2021-32077


JSON object : View

Products Affected

veritystream

  • msow_solutions