CVE-2021-32729

MEDIUM Year: 2021
CVSS v3 Score
5.4
Medium
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-693
View all →

Vulnerability Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script rights and does not require Programming rights. An attacher with script rights who is able to reset the authentication failure record might perform a brute force attack, since they would be able to virtually deactivate the mechanism introduced to mitigate those attacks. The problem has been patched in version 12.6.8, 12.10.4 and 13.0. There are no workarounds aside from upgrading.

Related Vulnerabilities

CVE-2019-13924

MEDIUM
CVSS:5.4(Medium)

A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X...

CWE-6932019

CVE-2024-20438

MEDIUM
CVSS:5.4(Medium)

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of...

CWE-6932024

CVE-2024-30050

MEDIUM
CVSS:5.4(Medium)

Windows Mark of the Web Security Feature Bypass Vulnerability

CWE-6932024

CVE-2024-38217

MEDIUM
CVSS:5.4(Medium)

Windows Mark of the Web Security Feature Bypass Vulnerability

CWE-6932024

CVE-2024-38874

MEDIUM
CVSS:5.4(Medium)

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference ...

CWE-6932024