CVE-2021-34774

Severity
4.9 MEDIUM
EPSS
0.1%
top 83.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 4
Latest update: May 24

Description

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

🔴 Vulnerability Details

2
GHSA
GHSA-x72f-qxm6-m76q: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker (2022-05-24)
CVEList
Cisco Common Services Platform Collector Information Disclosure Vulnerability (2021-11-04)

📋 Vendor Advisories

1
Cisco
Cisco Common Services Platform Collector Information Disclosure Vulnerability (2021-11-03)