Remote Denial-of-Service Vulnerability in Positive Technologies MaxPatrol 8 and XSpider
CVE-2021-4467
Key Information:
- Vendor
Positive Technologies
- Vendor
- CVE Published:
- 14 November 2025
Badges
What is CVE-2021-4467?
Positive Technologies MaxPatrol 8 and XSpider are impacted by a remote denial-of-service vulnerability that arises from their client communication service on TCP port 2002. The service handles incoming connections by generating unique session identifiers. However, it fails to impose adequate limits on concurrent requests. This allows an unauthorized remote attacker to exploit the service by sending repeated HTTPS requests, leading to an excessive allocation of session identifiers. When the system is under load, collisions in session identifiers may take place, which can result in active client sessions being forcibly disconnected and causing disruption in services.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
MaxPatrol 8 (Server) 0 <= 09.2020
XSpider (Server) 0 <= 09.2020
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved