CVE-2021-28171

Critical

The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by…

twcert·CWE-522·Published 2021-04-06

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

174 chars

The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.

NVDen

174 chars

The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.

El Vangene deltaFlow E-platform, no toma las medidas de protección apropiadas. Los atacantes pueden obtener permisos privilegiados remotamente al manipular los datos de los usuarios en la cookie

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H