CVE-2021-28293

CRITICAL

Seceon aiSIEM <6.3.2 - Privilege Escalation

Title source: llm

Description

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user.

References (2)

[Exploit, Third Party Advisory] https://0xdb9.in/2021/06/07/cve-2021-28293.html

[Product, Vendor Advisory] https://www.seceon.com/advanced-siem-aisiem

Scores

CVSS v3 9.8

EPSS 0.0178

EPSS Percentile 82.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-640

Status published

Products (1)

seceon/aisiem < 6.3.2

Published Jun 08, 2021

Tracked Since Feb 18, 2026