CVE-2021-45036 (GCVE-0-2021-45036)
Vulnerability from cvelistv5 – Published: 2022-11-28 15:29 – Updated: 2025-04-25 14:59
VLAI?
Title
Velneo vClient improper authentication
Summary
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.
Severity ?
8.7 (High)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Velneo | Velneo vClient |
Affected:
28.1.3
|
Date Public ?
2022-11-22 23:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32"
},
{
"tags": [
"x_transferred"
],
"url": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena"
},
{
"tags": [
"x_transferred"
],
"url": "https://velneo.es/mivelneo/listado-de-cambios-velneo-32/"
},
{
"tags": [
"x_transferred"
],
"url": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps"
},
{
"tags": [
"x_transferred"
],
"url": "https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps"
},
{
"tags": [
"x_transferred"
],
"url": "https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-45036",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T14:59:33.236304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:59:40.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Velneo vClient",
"vendor": "Velneo",
"versions": [
{
"status": "affected",
"version": "28.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jes\u00fas R\u00f3denas Huerta, @Marmeus"
}
],
"datePublic": "2022-11-22T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVelneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims\u0027s username and hashed password to spoof the victim\u0027s id against the server.\u003c/span\u003e"
}
],
"value": "Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims\u0027s username and hashed password to spoof the victim\u0027s id against the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T16:02:44.992Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0"
},
{
"url": "https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32"
},
{
"url": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena"
},
{
"url": "https://velneo.es/mivelneo/listado-de-cambios-velneo-32/"
},
{
"url": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps"
},
{
"url": "https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps"
},
{
"url": "https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability has been fixed by Velneo team in version 32, released on 11/08/2022.\u003c/span\u003e"
}
],
"value": "This vulnerability has been fixed by Velneo team in version 32, released on 11/08/2022."
}
],
"source": {
"advisory": "INCIBE-2022-1017",
"defect": [
"INCIBE-2021-0028"
],
"discovery": "EXTERNAL"
},
"title": "Velneo vClient improper authentication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2021-45036",
"datePublished": "2022-11-28T15:29:02.063Z",
"dateReserved": "2021-12-13T00:00:00.000Z",
"dateUpdated": "2025-04-25T14:59:40.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-45036",
"date": "2026-04-25",
"epss": "0.00439",
"percentile": "0.63207"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:velneo:vclient:28.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2802675E-9543-403C-95FF-3CFF1FC01896\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims\u0027s username and hashed password to spoof the victim\u0027s id against the server.\"}, {\"lang\": \"es\", \"value\": \"Velneo vClient en su versi\\u00f3n 28.1.3 podr\\u00eda permitir que un atacante con conocimiento del nombre de usuario y la contrase\\u00f1a hash de la v\\u00edctima falsifique la identificaci\\u00f3n de la v\\u00edctima en el servidor.\"}]",
"id": "CVE-2021-45036",
"lastModified": "2024-11-21T06:31:50.397",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-coordination@incibe.es\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.8}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}]}",
"published": "2022-11-28T16:15:09.090",
"references": "[{\"url\": \"https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps\", \"source\": \"cve-coordination@incibe.es\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver\", \"source\": \"cve-coordination@incibe.es\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps\", \"source\": \"cve-coordination@incibe.es\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena\", \"source\": \"cve-coordination@incibe.es\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://velneo.es/mivelneo/listado-de-cambios-velneo-32/\", \"source\": \"cve-coordination@incibe.es\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0\", \"source\": \"cve-coordination@incibe.es\"}, {\"url\": \"https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32\", \"source\": \"cve-coordination@incibe.es\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://velneo.es/mivelneo/listado-de-cambios-velneo-32/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cve-coordination@incibe.es\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-290\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-45036\",\"sourceIdentifier\":\"cve-coordination@incibe.es\",\"published\":\"2022-11-28T16:15:09.090\",\"lastModified\":\"2024-11-21T06:31:50.397\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims\u0027s username and hashed password to spoof the victim\u0027s id against the server.\"},{\"lang\":\"es\",\"value\":\"Velneo vClient en su versi\u00f3n 28.1.3 podr\u00eda permitir que un atacante con conocimiento del nombre de usuario y la contrase\u00f1a hash de la v\u00edctima falsifique la identificaci\u00f3n de la v\u00edctima en el servidor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:velneo:vclient:28.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2802675E-9543-403C-95FF-3CFF1FC01896\"}]}]}],\"references\":[{\"url\":\"https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://velneo.es/mivelneo/listado-de-cambios-velneo-32/\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0\",\"source\":\"cve-coordination@incibe.es\"},{\"url\":\"https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://velneo.es/mivelneo/listado-de-cambios-velneo-32/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://velneo.es/mivelneo/listado-de-cambios-velneo-32/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T04:32:13.641Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-45036\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-25T14:59:33.236304Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-25T14:59:37.111Z\"}}], \"cna\": {\"title\": \"Velneo vClient improper authentication\", \"source\": {\"defect\": [\"INCIBE-2021-0028\"], \"advisory\": \"INCIBE-2022-1017\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Jes\\u00fas R\\u00f3denas Huerta, @Marmeus\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Velneo\", \"product\": \"Velneo vClient\", \"versions\": [{\"status\": \"affected\", \"version\": \"28.1.3\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"This vulnerability has been fixed by Velneo team in version 32, released on 11/08/2022.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThis vulnerability has been fixed by Velneo team in version 32, released on 11/08/2022.\u003c/span\u003e\", \"base64\": false}]}], \"datePublic\": \"2022-11-22T23:00:00.000Z\", \"references\": [{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0\"}, {\"url\": \"https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32\"}, {\"url\": \"https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena\"}, {\"url\": \"https://velneo.es/mivelneo/listado-de-cambios-velneo-32/\"}, {\"url\": \"https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps\"}, {\"url\": \"https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps\"}, {\"url\": \"https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims\u0027s username and hashed password to spoof the victim\u0027s id against the server.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eVelneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims\u0027s username and hashed password to spoof the victim\u0027s id against the server.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-290\", \"description\": \"CWE-290 Authentication Bypass by Spoofing\"}]}], \"providerMetadata\": {\"orgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"shortName\": \"INCIBE\", \"dateUpdated\": \"2023-11-09T16:02:44.992Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-45036\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-25T14:59:40.409Z\", \"dateReserved\": \"2021-12-13T00:00:00.000Z\", \"assignerOrgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"datePublished\": \"2022-11-28T15:29:02.063Z\", \"assignerShortName\": \"INCIBE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…