Vulnerability Description
Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Veritystream | Msow Solutions | < 3.1.1 |
References
- https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbersExploitThird Party Advisory
- https://www.veritystream.com/legacy/msow-solutionsVendor Advisory
- https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbersExploitThird Party Advisory
- https://www.veritystream.com/legacy/msow-solutionsVendor Advisory
FAQ
What is CVE-2021-32077?
CVE-2021-32077 is a vulnerability with a CVSS score of 7.5 (HIGH). Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidde...
How severe is CVE-2021-32077?
CVE-2021-32077 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32077?
Check the references section above for vendor advisories and patch information. Affected products include: Veritystream Msow Solutions.