CVE-2021-33577
First published: Fri Jun 18 2021(Updated: )
An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cleo LexiCom | =5.5.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-33577?
CVE-2021-33577 has been classified as a critical vulnerability due to the potential for message signing and encryption bypass.
How do I fix CVE-2021-33577?
To fix CVE-2021-33577, update Cleo LexiCom to a version that addresses this vulnerability as per vendor recommendations.
What systems are affected by CVE-2021-33577?
CVE-2021-33577 specifically affects Cleo LexiCom version 5.5.0.0.
What does CVE-2021-33577 allow an attacker to do?
CVE-2021-33577 allows an attacker to bypass sender identification requirements in AS2 messages by altering the message's Content-Type.
Is there a workaround for CVE-2021-33577?
Unfortunately, there is no known workaround for CVE-2021-33577; upgrading to the secure version is the recommended approach.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/author
- agent/tags
- agent/event
- agent/source
- vendor/cleo
- canonical/cleo lexicom
- version/cleo lexicom/5.5.0.0