CVE-2021-35528

Authentication Bypass Vulnerability Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)

CVSS 7.2 HIGHEPSS 0.3%CWE-284

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.2EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

17 nov 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions.

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Productos afectados

Hitachi Energy · Counterparty Settlement and Billing (CSB)Hitachi Energy · Retail Operations

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000067&LanguageCode=en&DocumentPartId=&Action=Launch https://search.abb.com/library/Download.aspx?DocumentID=8DBD000068&LanguageCode=en&DocumentPartId=&Action=Launch