CVE-2021-1486

MEDIUM Year: 2021
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-203
View all →

Vulnerability Description

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts.

Related Vulnerabilities

CVE-2013-1422

MEDIUM
CVSS:5.3(Medium)

webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").

CWE-2032013

CVE-2014-4156

MEDIUM
CVSS:5.3(Medium)

Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability

CWE-2032014

CVE-2016-9129

MEDIUM
CVSS:5.3(Medium)

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revi...

CWE-2032016

CVE-2017-5107

MEDIUM
CVSS:5.3(Medium)

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a craf...

CWE-2032017

CVE-2017-7006

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows...

CWE-2032017

CVE-2017-8055

MEDIUM
CVSS:5.3(Medium)

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier retur...

CWE-2032017