How severe is CVE-2021-42791?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2021-42791?

This is classified as CWE-444, which is a common weakness in software security.

CVE-2021-42791

HIGH Year: 2021

CVSS v3 Score

7.3

High

CVSS v2 Score

4.9

Medium

Weakness Type

CWE-444

View all →

Vulnerability Description

An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user's login certificate.

CVE-2023-25950

HIGH

CVSS:7.3(High)

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive...

CWE-4442023

CVE-2023-40225

HIGH

CVSS:7.2(High)

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers...

CWE-4442023

CVE-2017-15643

HIGH

CVSS:7.4(High)

An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum a...

CWE-4442017

CVE-2020-8201

HIGH

CVSS:7.4(High)

Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, ...

CWE-4442020

CVE-2023-4639

HIGH

CVSS:7.4(High)

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltra...

CWE-4442023

CVE-2024-12397

HIGH

CVSS:7.4(High)

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfi...

CWE-4442024

CVE-2021-42791

Vulnerability Description

Related Vulnerabilities

CVE-2023-25950

CVE-2023-40225

CVE-2017-15643

CVE-2020-8201

CVE-2023-4639

CVE-2024-12397