Vulnerabilities > CVE-2021-28248 - Improper Restriction of Excessive Authentication Attempts vulnerability in Broadcom Ehealth

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

broadcom

CWE-307

NVD

Published: 2021-03-26

Updated: 2024-04-11

Summary

CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Vulnerable Configurations

Part	Description	Count
Application	Broadcom Broadcom Ehealth 6.3 Broadcom Ehealth 6.3.1 Broadcom Ehealth 6.3.2 Broadcom Ehealth 6.3.2.01 Broadcom Ehealth 6.3.2.02 Broadcom Ehealth 6.3.2.03 Broadcom Ehealth 6.3.2.04 Broadcom Ehealth 6.3.2.05 Broadcom Ehealth 6.3.2.06 Broadcom Ehealth 6.3.2.07 Broadcom Ehealth 6.3.2.08 Broadcom Ehealth 6.3.2.09 Broadcom Ehealth 6.3.2.10 Broadcom Ehealth 6.3.2.11 Broadcom Ehealth 6.3.2.12	15

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://n4nj0.github.io/advisories/ca-ehealth-performance-manager/