CVE-2021-41320

A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded (it can be changed during installation or at any later time).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AC:L/AV:L/A:N/C:H/I:N/PR:L/S:U/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
iongroupwallstreet_suite
7.4.83
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://client-connect.iongroup.com/library/content/treasury-management/wallstreet-suite/security/suite-7-4-83/user-passwords/
https://excellium-services.com/cert-xlm-advisory/CVE-2021-41320
https://iongroup.com/ion-treasury/products/wallstreet-suite/
https://client-connect.iongroup.com/library/content/treasury-management/wallstreet-suite/security/suite-7-4-83/user-passwords/
https://excellium-services.com/cert-xlm-advisory/CVE-2021-41320
https://iongroup.com/ion-treasury/products/wallstreet-suite/