CVE-2021-32503
First published: Fri Apr 01 2022(Updated: )
Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system.
Credit: psirt@sick.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sick Ftmg Firmware | <2.8 | |
| Sick Ftmg Firmware | =2.8 | |
| Sick Ftmg |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-32503?
CVE-2021-32503 is a vulnerability that allows unauthenticated users to access sensitive web URLs through a GET request.
Who is affected by CVE-2021-32503?
The vulnerability affects Sick Ftmg Firmware versions up to and including 2.8.
How can unauthenticated users exploit CVE-2021-32503?
Unauthenticated users can exploit the vulnerability by sending GET requests to sensitive web URLs that should be restricted to maintenance users only.
What is the severity of CVE-2021-32503?
The severity of CVE-2021-32503 is medium with a CVSS score of 4.9.
How can I fix CVE-2021-32503?
To fix CVE-2021-32503, restrict access to sensitive web URLs to maintenance users only and ensure that authentication is required for accessing them.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sick
- canonical/sick ftmg firmware
- version/sick ftmg firmware/2.8
- canonical/sick ftmg