CVE-2021-4467

Positive Technologies MaxPatrol 8 & XSpider Remote DoS

Description

Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An unauthenticated remote attacker can repeatedly issue HTTPS requests to the service, causing excessive allocation of session identifiers. Under load, session identifier collisions may occur, forcing active client sessions to disconnect and resulting in service disruption.

INFO

Published Date :

2025-11-14T22:51:47.690Z

Last Modified :

2025-11-18T16:33:01.126Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2021-4467 vulnerability.

Vendors	Products
Positive Technologies	Maxpatrol8 Maxpatrol 8 Xspider

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2021-4467.

URL	Resource
https://cxsecurity.com/issue/WLB-2021090114
https://vulners.com/zdt/1337DAY-ID-36775
https://www.ptsecurity.com/
https://www.vulncheck.com/advisories/positive-technologies-maxpatrol-8-and-xspider-remote-dos

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability