Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.
References
Link | Resource |
---|---|
https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps | Vendor Advisory |
https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver | Vendor Advisory |
https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps | Vendor Advisory |
https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena | Release Notes Vendor Advisory |
https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ | Release Notes Vendor Advisory |
https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0 | |
https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 | Release Notes Vendor Advisory |
Configurations
History
09 Nov 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server. | |
References |
|
|
21 Jul 2023, 16:45
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 |
01 Dec 2022, 22:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
References | (MISC) https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps - Vendor Advisory | |
References | (MISC) https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 - Release Notes, Vendor Advisory | |
References | (MISC) https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps - Vendor Advisory | |
References | (MISC) https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver - Vendor Advisory | |
References | (CONFIRM) https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication-0 - Third Party Advisory | |
References | (MISC) https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena - Release Notes, Vendor Advisory | |
References | (MISC) https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ - Release Notes, Vendor Advisory | |
First Time |
Velneo vclient
Velneo |
|
CWE | CWE-290 | |
CPE | cpe:2.3:a:velneo:vclient:28.1.3:*:*:*:*:*:*:* |
01 Dec 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Nov 2022, 18:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-28 16:15
Updated : 2023-12-10 14:48
NVD link : CVE-2021-45036
Mitre link : CVE-2021-45036
CVE.ORG link : CVE-2021-45036
JSON object : View
Products Affected
velneo
- vclient