CVE-2021-29628 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Affected Products (NVD)

Vendor	Product	Version
freebsd	freebsd	12.2
freebsd	freebsd	12.2:beta1-p1
freebsd	freebsd	12.2:p1
freebsd	freebsd	12.2:p2
freebsd	freebsd	12.2:p3
freebsd	freebsd	12.2:p4
freebsd	freebsd	12.2:p5
freebsd	freebsd	12.2:p6
freebsd	freebsd	13.0
freebsd	freebsd	13.0:beta3-p1
freebsd	freebsd	13.0:rc3
freebsd	freebsd	13.0:rc4
freebsd	freebsd	13.0:rc5-p1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-21:11.smap.asc

https://security.netapp.com/advisory/ntap-20210713-0002/

https://security.FreeBSD.org/advisories/FreeBSD-SA-21:11.smap.asc

https://security.netapp.com/advisory/ntap-20210713-0002/