CVE-2021-22573

HIGH Year: 2021
CVSS v3 Score
7.3
High
CVSS v2 Score
3.5
Low
Weakness Type
CWE-347
View all →

Vulnerability Description

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above

Related Vulnerabilities

CVE-2020-25490

HIGH
CVSS:7.3(High)

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.

CWE-3472020

CVE-2021-31841

HIGH
CVSS:7.3(High)

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific loca...

CWE-3472021

CVE-2020-26122

HIGH
CVSS:7.2(High)

Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in check...

CWE-3472020

CVE-2020-9047

HIGH
CVSS:7.2(High)

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterpri...

CWE-3472020

CVE-2021-22708

HIGH
CVSS:7.2(High)

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all version...

CWE-3472021

CVE-2021-22734

HIGH
CVSS:7.2(High)

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthori...

CWE-3472021