CVE-2021-28248
Last modified
CVE-2021-28248 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer. EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Ehealth | <= 6.3.2.12 |
References
- https://n4nj0.github.io/advisories/ca-ehealth-performance-manager/Exploit, Third Party Advisory
- https://n4nj0.github.io/advisories/ca-ehealth-performance-manager/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-28248?
How severe is CVE-2021-28248?
How do I fix CVE-2021-28248?
Are you affected by CVE-2021-28248?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST