CVE-2021-27485
CVE-2021-27485 is a high-severity vulnerability in Zoll Defibrillator Dashboard with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-257.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- CVSS v2: 5.0
- EPSS exploit prediction: 1% (64th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-257
- Affected product: Zoll Defibrillator Dashboard
- Published:
- Last modified:
Description
ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.
Frequently asked questions
- What is CVE-2021-27485?
- ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.
- How severe is CVE-2021-27485?
- CVE-2021-27485 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2021-27485 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (64th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-27485?
- CVE-2021-27485 affects Zoll Defibrillator Dashboard. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2021-27485?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2021-27485 published?
- CVE-2021-27485 was published on 2021-06-16 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:zoll:defibrillator_dashboard:*:*:*:*:*:*:*:*
More vulnerabilities in Zoll Defibrillator Dashboard
- CVE-2021-27489 — High (CVSS 8.8): ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a…
- CVE-2021-27483 — High (CVSS 7.8): ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could…
- CVE-2021-27487 — Medium (CVSS 5.5): ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could…
- CVE-2021-27481 — Medium (CVSS 5.5): ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange…
- CVE-2021-27479 — Medium (CVSS 5.4): ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user…
All CVEs affecting Zoll Defibrillator Dashboard →
Other CWE-257 vulnerabilities
- CVE-2025-8095 — Critical (CVSS 9.1): The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as…
- CVE-2025-8904 — High (CVSS 8.5): Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/…
- CVE-2025-34180 — High (CVSS 8.4): NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client,…
- CVE-2025-6996 — High (CVSS 8.4): Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update…
- CVE-2025-6995 — High (CVSS 8.4): Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update…
- CVE-2016-15058 — High (CVSS 8.1): Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior…