CVE-2021-43563 — HIGH (8.8)

Q: How severe is CVE-2021-43563?

CVE-2021-43563 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-43563?

Check the references section above for vendor advisories and patch information. Affected products include: Pixxio Pixx.Io.

Vulnerability Description

An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pixxio	Pixx.Io	< 1.0.6

References

https://typo3.org/security/advisory/typo3-ext-sa-2021-017PatchThird Party Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2021-017PatchThird Party Advisory

FAQ

What is CVE-2021-43563?

CVE-2021-43563 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated atta...

How severe is CVE-2021-43563?

CVE-2021-43563 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-43563?

Check the references section above for vendor advisories and patch information. Affected products include: Pixxio Pixx.Io.