What the vulnerability does

01Description

The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.

Key dates

02Disclosure timeline

January 6, 2021 CVE published
June 2, 2026 Record updated