CVE-2021-45036 HIGH

CVE-2021-45036: Velneo vClient improper authentication

Vendor Velneo
Product Velneo vClient
Weakness CWE-290
Published November 28, 2022
Last update April 25, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

Key dates

02Disclosure timeline

November 28, 2022 CVE published
April 25, 2025 Record updated