CVE-2021-44207

CISA description

Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Please contact the product developer for support and vulnerability mitigation.

Notes & references

• https://www.acclaimsystems.com/#contact
• https://www.tnatc.org/#contact
• https://nvd.nist.gov/vuln/detail/CVE-2021-44207

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

• RA-5 · Vulnerability Monitoring and Scanning
• SI-2 · Flaw Remediation
• CM-6 · Configuration Settings
• SI-7 · Software, Firmware, and Information Integrity
• CM-8 · System Component Inventory

External lookups

• NVD · CVE-2021-44207
• CVE.org · CVE-2021-44207
• CISA KEV catalog (canonical)