CVE-2021-35060
First published: Mon Oct 11 2021(Updated: )
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openwaygroup Way4 | <1.2.278-2693 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-35060?
CVE-2021-35060 is a vulnerability in OpenWay WAY4 ACS that allows unauthenticated attackers to discover if a specific payment card is stored in the system.
What is the severity of CVE-2021-35060?
CVE-2021-35060 has a severity score of 5.3, which is categorized as medium.
How can an attacker leverage CVE-2021-35060?
Attackers can leverage CVE-2021-35060 to determine if a payment card number is stored in the OpenWay WAY4 ACS system by exploiting response differences.
How can I mitigate CVE-2021-35060?
To mitigate CVE-2021-35060, it is recommended to apply the security update version 1.2.278-2693 or later released by OpenWayGroup.
Where can I find more information about CVE-2021-35060?
You can find more information about CVE-2021-35060 at the following references: [GitHub Gist](https://gist.github.com/exviry/9527ce2ccdc0718d3ffd1e3ca62cf304) and [OpenWayGroup website](https://www.openwaygroup.com/way4-platform).
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- vendor/openwaygroup
- canonical/openwaygroup way4