Vulnerabilities > CVE-2021-32077 - Unspecified vulnerability in Veritystream Msow Solutions

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

veritystream

NVD

Published: 2021-05-06

Updated: 2022-07-12

Summary

Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII.

Vulnerable Configurations

Part	Description	Count
Application	Veritystream Veritystream Msow Solutions -	1

References

https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers
https://www.veritystream.com/legacy/msow-solutions