← back
CVE-2021-44207

CVE-2021-44207

CVSS 8.1 HIGHEPSS 17.6%● KEVCWE-798
In short

Acclaim USAHERDS versions up to 7.4.0.1 contain hard-coded credentials that cannot be changed. An attacker who discovers these credentials can gain unauthorized access to the system.

Technical detail

CWE-798 hard-coded credentials in Acclaim USAHERDS ≤7.4.0.1 allow unauthenticated attackers to gain administrative or functional access without requiring credential compromise. Credentials embedded in the application binary or configuration files are static and immutable, enabling persistent unauthorized access.

Summary generated and translated by AI from the official description.
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0012/MNDT-2021-0012.mdhttps://www.acclaimsystems.comhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44207