Vulnerabilities > CVE-2021-38137 - Incorrect Authorization vulnerability in Corero Securewatch Managed Services 9.7.2.0020

047910
CVSS 5.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
corero
CWE-863

Summary

Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role.

Vulnerable Configurations

Part Description Count
Application
Corero
1

Common Weakness Enumeration (CWE)