CVE-2021-28293

CRITICAL

Seceon aiSIEM <6.3.2 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://0xdb9.in/2021/06/07/cve-2021-28293.html
Product, Vendor Advisory x_refsource_misc
https://www.seceon.com/advanced-siem-aisiem

Scores

CVSS v3 9.8
EPSS 0.0159
EPSS Percentile 72.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-640
Status published
Products (1)
seceon/aisiem < 6.3.2
Published Jun 08, 2021
Tracked Since Feb 18, 2026