CVE-2021-1576

CWE-285CWE-798Hard-coded CredentialsCWE-532Log File Information Exposure4 documents4 sources
Severity
8.8HIGH
EPSS
0.2%
top 59.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Business Process AutomationCisco Cisco Business Process Automation (bpa)
Timeline
PublishedJul 8
Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions wi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-hmmr-427f-cr3p: Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacke2022-05-24
CVEList
Cisco Business Process Automation Privilege Escalation Vulnerabilities2021-07-08

📋Vendor Advisories

1
Cisco
Cisco Business Process Automation Privilege Escalation Vulnerabilities2021-07-07
CVE-2021-1576 (HIGH CVSS 8.8) | Multiple vulnerabilities in the web | cvebase.io