CVE-2021-21963

HIGH Year: 2021
CVSS v3 Score
7.4
High
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-311
View all →

Vulnerability Description

An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Related Vulnerabilities

CVE-2016-10552

HIGH
CVSS:7.4(High)

igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol.

CWE-3112016

CVE-2017-15397

HIGH
CVSS:7.4(High)

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests...

CWE-3112017

CVE-2018-5481

HIGH
CVSS:7.4(High)

OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MIT...

CWE-3112018

CVE-2019-11405

HIGH
CVSS:7.4(High)

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved depend...

CWE-3112019

CVE-2021-40366

HIGH
CVSS:7.4(High)

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data wit...

CWE-3112021

CVE-2023-4420

HIGH
CVSS:7.4(High)

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the commu...

CWE-3112023