CVE-2021-32077 Information

Description

Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors’ and nurses’ social security numbers and PII.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers https://www.veritystream.com/legacy/msow-solutions

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5