CVE-2021-44166

MEDIUM Year: 2021
CVSS v3 Score
4.1
Medium
CVSS v2 Score
3.5
Low
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user.

Related Vulnerabilities

CVE-2016-0668

MEDIUM
CVSS:4.1(Medium)

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors re...

NVD-CWE-Other2016

CVE-2016-5463

MEDIUM
CVSS:4.1(Medium)

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related t...

NVD-CWE-Other2016

CVE-2016-5464

MEDIUM
CVSS:4.1(Medium)

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related t...

NVD-CWE-Other2016

CVE-2016-5559

MEDIUM
CVSS:4.1(Medium)

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel.

NVD-CWE-Other2016

CVE-2017-10268

MEDIUM
CVSS:4.1(Medium)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier....

NVD-CWE-Other2017

CVE-2018-2773

MEDIUM
CVSS:4.1(Medium)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult...

NVD-CWE-Other2018