CVE-2021-36721

Опубликовано: 14 дек. 2021

Источник: nvd

CVSS3: 4.4

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.

Ссылки

https://www.gov.il/en/departments/faq/cve_advisories
Third Party Advisory
https://www.gov.il/en/departments/faq/cve_advisories
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sysaid:application_programming_interface:*:*:*:*:*:*:*:*

Версия до 21.3.60 (исключая)

EPSS

Процентиль: 36%

0.0015

Низкий

4.4 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-3fmg-j52q-2cm9

CVSS3: 5.3

github

около 4 лет назад

Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.

EPSS

Процентиль: 36%

0.0015

Низкий

4.4 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo