
    2 vulnerabilities by Velneo

    CVE-2021-45036 (GCVE-0-2021-45036)

    Vulnerability from cvelistv5 – Published: 2022-11-28 15:29 – Updated: 2025-04-25 14:59
    VLAI
    Title
    Velneo vClient improper authentication
    Summary
    Velneo vClient version 28.1.3 could allow an attacker who knows the victim's username and hashed password to spoof the victim's id against the server. The record's solution field states that the issue is fixed in version 32.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    Velneo Velneo vClient Affected: 28.1.3
    Date Public
    2022-11-22 23:00
    Credits
    Jesús Ródenas Huerta, @Marmeus

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:32:13.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://velneo.es/mivelneo/listado-de-cambios-velneo-32/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-45036",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T14:59:33.236304Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T14:59:40.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Velneo vClient",
              "vendor": "Velneo",
              "versions": [
                {
                  "status": "affected",
                  "version": "28.1.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jes\u00fas R\u00f3denas Huerta, @Marmeus"
            }
          ],
          "datePublic": "2022-11-22T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVelneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims\u0027s username and hashed password to spoof the victim\u0027s id against the server.\u003c/span\u003e"
                }
              ],
              "value": "Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims\u0027s username and hashed password to spoof the victim\u0027s id against the server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-09T16:02:44.992Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0"
            },
            {
              "url": "https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32"
            },
            {
              "url": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena"
            },
            {
              "url": "https://velneo.es/mivelneo/listado-de-cambios-velneo-32/"
            },
            {
              "url": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps"
            },
            {
              "url": "https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps"
            },
            {
              "url": "https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability has been fixed by Velneo team in version 32, released on 11/08/2022.\u003c/span\u003e"
                }
              ],
              "value": "This vulnerability has been fixed by Velneo team in version 32, released on 11/08/2022."
            }
          ],
          "source": {
            "advisory": "INCIBE-2022-1017",
            "defect": [
              "INCIBE-2021-0028"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Velneo vClient improper authentication",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-45036",
        "datePublished": "2022-11-28T15:29:02.063Z",
        "dateReserved": "2021-12-13T00:00:00.000Z",
        "dateUpdated": "2025-04-25T14:59:40.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45035 (GCVE-0-2021-45035)

    Vulnerability from cvelistv5 – Published: 2022-09-23 15:02 – Updated: 2025-05-22 18:24
    VLAI
    Title
    Velneo vClient Improper authentication
    Summary
    Velneo vClient version 28.1.3 does not correctly check the certificate of authenticity by default. This could allow an attacker with access to the network to perform a MITM attack and obtain the user's credentials. The record's solution field states that the issue is fixed in version 29.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Velneo Velneo vClient Affected: 28.1.3
    Date Public
    2022-09-16 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:32:13.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.velneo.com/blog/nueva-revision-velneo-29-2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-45035",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T15:44:57.452184Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T18:24:43.357Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Velneo vClient",
              "vendor": "Velneo",
              "versions": [
                {
                  "status": "affected",
                  "version": "28.1.3"
                }
              ]
            }
          ],
          "datePublic": "2022-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user\u00b4s credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-28T19:36:39.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.velneo.com/blog/nueva-revision-velneo-29-2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability has been fixed by Velneo team in the 29.2 version, released on 29/06/2021."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Velneo vClient Improper authentication",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2022-09-16T08:00:00.000Z",
              "ID": "CVE-2021-45035",
              "STATE": "PUBLIC",
              "TITLE": "Velneo vClient Improper authentication"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Velneo vClient",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "28.1.3",
                                "version_value": "28.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Velneo"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user\u00b4s credentials."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287 Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication"
                },
                {
                  "name": "https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/",
                  "refsource": "CONFIRM",
                  "url": "https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/"
                },
                {
                  "name": "https://www.velneo.com/blog/nueva-revision-velneo-29-2",
                  "refsource": "MISC",
                  "url": "https://www.velneo.com/blog/nueva-revision-velneo-29-2"
                },
                {
                  "name": "https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados",
                  "refsource": "MISC",
                  "url": "https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "This vulnerability has been fixed by Velneo team in the 29.2 version, released on 29/06/2021."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-45035",
        "datePublished": "2022-09-23T15:02:18.737Z",
        "dateReserved": "2021-12-13T00:00:00.000Z",
        "dateUpdated": "2025-05-22T18:24:43.357Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }