CVE-2021-45035 MEDIUM

CVE-2021-45035: Velneo vClient Improper authentication

Vendor Velneo
Product Velneo vClient
Weakness CWE-287 · Improper authentication
Published September 23, 2022
Last update May 22, 2025

CVSS base score

6.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.

Key dates

02Disclosure timeline

September 23, 2022 CVE published
May 22, 2025 Record updated