CVE-2021-33895

Name: CVE-2021-33895
Creator: NVD / NIST
Published: 2021-06-25T14:15:09.87+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.1/10EPSS 0.91%

Last modified Jun 17, 2026

CVE-2021-33895 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure (USER_AUTHENTICATE_) used for verifying the Password returns 0 (no error). EPSS estimates a 0.91% chance of exploitation in the next 30 days.

Description

ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure (USER_AUTHENTICATE_) used for verifying the Password returns 0 (no error). The reason is that the user is not running the XYGate application. Hence, BBSV assumes the Password is correct. For H4.09, the affected version isT0954V04^AAO. For E4.09, the affected version is 22SEP2020. Note: If your current version is E4.10-16MAY2021 (version procedure T9999V04_16MAY2022_BPAKETI_10), a hotfix (FIXPAK-19OCT-2022) is available in version E4.10-19OCT2022. Resolution to CVE-2021-33895 in version E4.11-19OCT2022

Metrics

CVSS 3.1

8.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.91%

55.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions
Hpe	Backbox H4.09 Firmware	t0954v04\^aao
Etinet	Backbox E4.09 Firmware	2020-09-22

References

https://etinet.com/products/backbox-virtual-tape-controller/Release Notes, Vendor Advisory
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04172en_usVendor Advisory
https://etinet.com/products/backbox-virtual-tape-controller/Release Notes, Vendor Advisory
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04172en_usVendor Advisory

Timeline

Published: Jun 25, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-33895?

How severe is CVE-2021-33895?

CVE-2021-33895 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 0.91% probability of exploitation in the next 30 days.

How do I fix CVE-2021-33895?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-33895?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST