Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.
References
Configurations
History
21 Nov 2024, 06:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps - Vendor Advisory | |
References | () https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver - Vendor Advisory | |
References | () https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps - Vendor Advisory | |
References | () https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena - Release Notes, Vendor Advisory | |
References | () https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ - Release Notes, Vendor Advisory | |
References | () https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0 - | |
References | () https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 - Release Notes, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.7 |
16 Sep 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server. |
21 Jul 2023, 16:45
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 |
01 Dec 2022, 22:51
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:velneo:vclient:28.1.3:*:*:*:*:*:*:* | |
CWE | CWE-290 | |
References | (MISC) https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ - Release Notes, Vendor Advisory | |
References | (MISC) https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena - Release Notes, Vendor Advisory | |
References | (MISC) https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps - Vendor Advisory | |
References | (MISC) https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps - Vendor Advisory | |
References | (CONFIRM) https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication-0 - Third Party Advisory | |
References | (MISC) https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 - Release Notes, Vendor Advisory | |
References | (MISC) https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
01 Dec 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Nov 2022, 18:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-28 16:15
Updated : 2024-11-21 06:31
NVD link : CVE-2021-45036
Mitre link : CVE-2021-45036
CVE.ORG link : CVE-2021-45036
JSON object : View
Products Affected
velneo
- vclient