CVE-2021-45036

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.
References
Link Resource
https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps Vendor Advisory
https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver Vendor Advisory
https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps Vendor Advisory
https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena Release Notes Vendor Advisory
https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ Release Notes Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0
https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 Release Notes Vendor Advisory
https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps Vendor Advisory
https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver Vendor Advisory
https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps Vendor Advisory
https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena Release Notes Vendor Advisory
https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ Release Notes Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0
https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:velneo:vclient:28.1.3:*:*:*:*:*:*:*

History

21 Nov 2024, 06:31

Type Values Removed Values Added
References () https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps - Vendor Advisory () https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps - Vendor Advisory
References () https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver - Vendor Advisory () https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver - Vendor Advisory
References () https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps - Vendor Advisory () https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps - Vendor Advisory
References () https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena - Release Notes, Vendor Advisory () https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena - Release Notes, Vendor Advisory
References () https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ - Release Notes, Vendor Advisory () https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ - Release Notes, Vendor Advisory
References () https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0 - () https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0 -
References () https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 - Release Notes, Vendor Advisory () https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 - Release Notes, Vendor Advisory
CVSS v2 : unknown
v3 : 7.4
v2 : unknown
v3 : 8.7

16 Sep 2024, 18:15

Type Values Removed Values Added
Summary (en) Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server. (en) Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

21 Jul 2023, 16:45

Type Values Removed Values Added
CWE CWE-290 CWE-287

01 Dec 2022, 22:51

Type Values Removed Values Added
CPE cpe:2.3:a:velneo:vclient:28.1.3:*:*:*:*:*:*:*
CWE CWE-290
References (MISC) https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ - (MISC) https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ - Release Notes, Vendor Advisory
References (MISC) https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena - (MISC) https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena - Release Notes, Vendor Advisory
References (MISC) https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps - (MISC) https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps - Vendor Advisory
References (MISC) https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps - (MISC) https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps - Vendor Advisory
References (CONFIRM) https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication-0 - (CONFIRM) https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication-0 - Third Party Advisory
References (MISC) https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 - (MISC) https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 - Release Notes, Vendor Advisory
References (MISC) https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver - (MISC) https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.4

01 Dec 2022, 14:15

Type Values Removed Values Added
References
  • (MISC) https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ -
  • (MISC) https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena -
  • (MISC) https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps -
  • (MISC) https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps -
  • (MISC) https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 -
  • (MISC) https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver -

28 Nov 2022, 18:44

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-28 16:15

Updated : 2024-11-21 06:31


NVD link : CVE-2021-45036

Mitre link : CVE-2021-45036

CVE.ORG link : CVE-2021-45036


JSON object : View

Products Affected

velneo

  • vclient
CWE
CWE-290

Authentication Bypass by Spoofing

CWE-287

Improper Authentication