CVE-2021-44523
CRITICALSiPass integrated V2.76/V2.80/V2.85 and Siveillance Identity < V1.6.284.0 - Unauthenticated Database Access
Title source: llmDescription
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf
Scores
CVSS v3
9.1
EPSS
0.0042
EPSS Percentile
62.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-668
Status
published
Products (5)
siemens/sipass_integrated
2.76 (2 CPE variants)
siemens/sipass_integrated
2.80
siemens/sipass_integrated
2.85
siemens/siveillance_identity
1.5
siemens/siveillance_identity
1.6 - 1.6.280.0
Published
Dec 14, 2021
Tracked Since
Feb 18, 2026