Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII.
References
Link | Resource |
---|---|
https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers | Exploit Third Party Advisory |
https://www.veritystream.com/legacy/msow-solutions | Vendor Advisory |
https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers | Exploit Third Party Advisory |
https://www.veritystream.com/legacy/msow-solutions | Vendor Advisory |
Configurations
History
21 Nov 2024, 06:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers - Exploit, Third Party Advisory | |
References | () https://www.veritystream.com/legacy/msow-solutions - Vendor Advisory |
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
19 May 2021, 18:46
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.veritystream.com/legacy/msow-solutions - Vendor Advisory | |
References | (MISC) https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers - Exploit, Third Party Advisory | |
CWE | CWE-200 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:veritystream:msow_solutions:*:*:*:*:*:*:*:* |
Information
Published : 2021-05-06 23:15
Updated : 2024-11-21 06:06
NVD link : CVE-2021-32077
Mitre link : CVE-2021-32077
CVE.ORG link : CVE-2021-32077
JSON object : View
Products Affected
veritystream
- msow_solutions
CWE