CVE-2021-44522
HIGHSiPass integrated V2.76, V2.80, V2.85 and Siveillance Identity < V1.6.284.0 - Unauthenticated Message Broker Access
Title source: llmDescription
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf
Scores
CVSS v3
7.5
EPSS
0.0043
EPSS Percentile
62.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-668
Status
published
Products (5)
siemens/sipass_integrated
2.76 (2 CPE variants)
siemens/sipass_integrated
2.80
siemens/sipass_integrated
2.85
siemens/siveillance_identity
1.5
siemens/siveillance_identity
1.6 - 1.6.280.0
Published
Dec 14, 2021
Tracked Since
Feb 18, 2026