What is CVE-2021-3833?

CVE-2021-3833 is a critical-severity vulnerability in Ártica Integria Ims, classified under Incorrect Comparison. CVSS score: 9.8/10. Published 2021-10-07.

How severe is CVE-2021-3833?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Ártica Integria Ims

CVE-2021-3833

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability i…

EPSS: 0.006 (70.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ártica Integria Ims — versions 5.0.92

Weakness classification (CWE)

CWE-697 — Incorrect Comparison

References

integriaims.com/en/services/updates/ (x_refsource_CONFIRM)
www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-3833?: CVE-2021-3833 is a critical-severity vulnerability in Ártica Integria Ims, classified under Incorrect Comparison. CVSS score: 9.8/10. Published 2021-10-07.
How severe is CVE-2021-3833?: Critical severity. CVSS v3 base score is 9.8 out of 10.