CVE-2021-45915
First published: Tue May 24 2022(Updated: )
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| LuxCal | <5.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is LuxSoft LuxCal Web Calendar before 5.2.0?
LuxSoft LuxCal Web Calendar before 5.2.0 is a web calendar software developed by LuxSoft.
What is the vulnerability identified as CVE-2021-45915?
CVE-2021-45915 is a vulnerability in LuxSoft LuxCal Web Calendar before 5.2.0 that allows an unauthenticated attacker to manipulate a cookie value and gain unauthorized access to the system.
How severe is CVE-2021-45915?
CVE-2021-45915 has a severity score of 9.8, which is considered critical.
How does CVE-2021-45915 impact LuxSoft LuxCal Web Calendar before 5.2.0?
CVE-2021-45915 allows an unauthenticated attacker to manipulate a cookie value and authenticate themselves as any registered LuxCal user, including the site administrator.
How can I fix the vulnerability CVE-2021-45915?
To fix CVE-2021-45915, upgrade to LuxSoft LuxCal Web Calendar version 5.2.0 or above.
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/author
- vendor/luxsoft
- canonical/luxcal