CVE-2021-36794 : In Siren Investigate before 11.1.4, when enabling the cluster feature of the Sir

In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process.

Published 2021-11-02 14:15:14

Updated 2021-11-04 13:30:36

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-36794

Siren » Investigate
Versions before (<) 11.1.4
cpe:2.3:a:siren:investigate:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-36794

EPSS FAQ

0.65%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 69 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-36794

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2021-36794

https://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html#_security_fixes_3

Release Notes :: SIREN DOCS
Release Notes;Vendor Advisory
https://docs.siren.io/index

Siren Help Documentation
Release Notes;Vendor Advisory
https://community.siren.io/c/announcements

Latest Announcements topics - Siren Community
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-36794

Products affected by CVE-2021-36794

Exploit prediction scoring system (EPSS) score for CVE-2021-36794

CVSS scores for CVE-2021-36794

References for CVE-2021-36794