Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2021-27215

EPSS 0.71% · P72
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-27215

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Genua high-resistance-firewall-genugate 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Genua high-resistance-firewall-genugate是德国 (Genua)公司的一个应用软件。提供一个网络防护功能 Genua high-resistance-firewall-genugate 存在访问控制错误漏洞,该漏洞源于在登录期间,身份验证方法不检查提供的数据并对任何身份验证请求返回OK。这允许攻击者以自己选择的用户登录到管理面板,例如,root用户(具有最高权限),甚至是一个不存在的用户。以下产品和版本受到影响:genua genugate before 9.0 Z p
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2021-27215

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-27215

登录查看更多情报信息。

Other References for CVE-2021-27215 (3)

Same Patch Batch · n/a · 2021-03-03 · 36 CVEs total

CVE-2021-233474.7 MEDIUMCross-site Scripting (XSS)
CVE-2020-28597Epignosis EfrontPro 安全漏洞
CVE-2020-25632grub2 资源管理错误漏洞
CVE-2021-20225grub2 缓冲区错误漏洞
CVE-2021-20233grub2 缓冲区错误漏洞
CVE-2020-29047WordPress 代码问题漏洞
CVE-2021-22877Nextcloud 访问控制错误漏洞
CVE-2021-22878Nextcloud Server 跨站脚本漏洞
CVE-2020-8296Nextcloud 安全漏洞
CVE-2021-21978VMware View Planner 代码问题漏洞
CVE-2020-14372grub2 安全漏洞
CVE-2020-28591Slic3r 缓冲区错误漏洞
CVE-2020-13558WebKitGTK 资源管理错误漏洞
CVE-2021-22681Rockwell Automation RSLogix 500 和 Logix Designer Studio 5000 安全漏洞
CVE-2021-27839Online Invoicing System 注入漏洞
CVE-2021-27935AdGuard 安全漏洞
CVE-2021-27931LumisXP 代码问题漏洞
CVE-2021-27940openark orchestrator 跨站脚本漏洞
CVE-2021-22683FATEK FvDesigner 缓冲区错误漏洞
CVE-2021-27923Pillow 输入验证错误漏洞

Showing top 20 of 36 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2021-27215

No comments yet

Leave a comment