CVE-2021-3833

Integria IMS incorrect authorization

Description

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.

Remediation

Solution:

  • This vulnerability has been solved in Integria IMS 5.0 93

Category

9.8
CVSS
Severity: Critical
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.61%
Vendor Advisory integriaims.com
Affected: Ártica Integria IMS
Published at:
Updated at:

References

Link Tags
https://integriaims.com/en/services/updates/ release notes vendor advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization

Frequently Asked Questions

What is the severity of CVE-2021-3833?
CVE-2021-3833 has been scored as a critical severity vulnerability.
How to fix CVE-2021-3833?
To fix CVE-2021-3833: This vulnerability has been solved in Integria IMS 5.0 93
Is CVE-2021-3833 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-3833 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-3833?
CVE-2021-3833 affects Ártica Integria IMS.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.