CVE-2021-43935

EUVD-2021-30797
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
icscertCNA
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
baxterwelch_allyn_connex_cardio
1.0.0 ≤
𝑥
≤ 1.1.1
baxterwelch_allyn_diagnostic_cardiology_suite
2.1.0
baxterwelch_allyn_rscribe_resting_ecg_system
5.01 ≤
𝑥
≤ 7.0.0
baxterwelch_allyn_vision_express_holter_analysis_system
6.1.0 ≤
𝑥
≤ 6.4.0
baxterwelch_allyn_hscribe_holter_analysis_system_firmware
5.01 ≤
𝑥
≤ 6.4.0
baxterwelch_allyn_q-stress_cardiac_stress_testing_system_firmware
6.0.0 ≤
𝑥
≤ 6.3.1
baxterwelch_allyn_xscribe_cardiac_stress_testing_system_firmware
5.01 ≤
𝑥
≤ 6.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01
https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01