hpe web_viewpoint 使用捕获-重放进行的认证绕过

CVE编号

CVE-2021-22267

利用情况

暂无

补丁情况

N/A

披露时间

2021-02-10

漏洞描述

Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://idelji.com
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns...
https://techpartner.ext.hpe.com/TechPartner/PartnerDetail.xhtml?Partner=Idelji

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	应用	hpe	nonstop	-	-
	运行在以下环境
	应用	hpe	web_viewpoint	*	From (including) 06.03	Up to (including) 06.23.01
	运行在以下环境
	应用	hpe	web_viewpoint	*	From (including) 15.08.00	Up to (including) 19.08.00
	运行在以下环境
	应用	hpe	web_viewpoint	*	From (including) t0320h01\^abw	Up to (including) t0320h01\^acc
	运行在以下环境
	应用	hpe	web_viewpoint	*	From (including) t0952h01\^aaq	Up to (including) t0952h01\^aaw
	运行在以下环境
	应用	hpe	web_viewpoint	*	From (including) t0952l01\^aar	Up to (including) t0952l01\^aax
	运行在以下环境
	应用	hpe	web_viewpoint	*	From (including) t0986h01\^aac	Up to (including) t0986h01\^aai
	运行在以下环境
	应用	hpe	web_viewpoint	*	From (including) t0986l01\^aad	Up to (including) t0986l01\^aaj
	运行在以下环境
	应用	hpe	web_viewpoint	15.02.00	-
	运行在以下环境
	应用	hpe	web_viewpoint	15.02.01	-
	运行在以下环境
	应用	hpe	web_viewpoint	t0320l01^aby	-
	运行在以下环境
	应用	hpe	web_viewpoint	t0320l01^acd	-

CVSS3评分 5.9

• 攻击路径 网络
• 攻击复杂度 高
• 权限要求 无
• 影响范围 未更改
• 用户交互 无
• 可用性 无
• 保密性 高
• 完整性 无

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-ID	漏洞类型
CWE-294	使用捕获-重放进行的认证绕过

Exp相关链接

- avd.aliyun.com