High severityNVD Advisory· Published Nov 14, 2025· Updated Apr 15, 2026
CVE-2021-4467
CVE-2021-4467
Description
Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An unauthenticated remote attacker can repeatedly issue HTTPS requests to the service, causing excessive allocation of session identifiers. Under load, session identifier collisions may occur, forcing active client sessions to disconnect and resulting in service disruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =8
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.