How severe is CVE-2021-1132?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2021-1132?

This is classified as CWE-35, which is a common weakness in software security.

CVE-2021-1132 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2025-46441

MEDIUM

CVSS:5.3(Medium)

Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal.This issue affects Section Widget: from n/a through 3.3.1.

CWE-352025

CVE-2025-30966

MEDIUM

CVSS:5.4(Medium)

Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a.

CWE-352025

CVE-2022-46826

MEDIUM

CVSS:5.5(Medium)

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.

CWE-352022

CVE-2021-1282

MEDIUM

CVSS:4.9(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2021-1364

MEDIUM

CVSS:4.9(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2024-52390

MEDIUM

CVSS:4.9(Medium)

: Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal.This issue affects CYAN Backup: from n/a through 2.5.3.

CWE-352024