Vulnerabilities > CVE-2021-38137 - Incorrect Authorization vulnerability in Corero Securewatch Managed Services 9.7.2.0020

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

corero

CWE-863

NVD

Published: 2021-08-06

Updated: 2022-07-12

Summary

Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role.

Vulnerable Configurations

Part	Description	Count
Application	Corero Corero Securewatch Managed Services 9.7.2.0020	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.shielder.it/advisories/corero_secure_watch_managed_services-multiple-broken-access-control/
https://www.corero.com/blog/data-sheets-corero-securewatch-managed-services/