CVE-2021-4467

Published: Nov 14, 2025

Modified: Nov 18, 2025

PUBLISHED

Description

Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An unauthenticated remote attacker can repeatedly issue HTTPS requests to the service, causing excessive allocation of session identifiers. Under load, session identifier collisions may occur, forcing active client sessions to disconnect and resulting in service disruption.

Vendor | Product | Versions
Positive Technologies | MaxPatrol 8 (Server) | affected: 0 - <= 09.2020
Positive Technologies | XSpider (Server) | affected: 0 - <= 09.2020

Weaknesses (CWE)
