How severe is CVE-2021-1535?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2021-1535?

This is classified as CWE-497, which is a common weakness in software security.

CVE-2021-1535 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to allow the attacker to view sensitive information on the affected system.

Related Vulnerabilities

CVE-2019-10243

MEDIUM

CVSS:5.3(Medium)

In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by...

CWE-4972019

CVE-2020-26076

MEDIUM

CVSS:5.3(Medium)

A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the ...

CWE-4972020

CVE-2021-1234

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be aff...

CWE-4972021

CVE-2022-38710

MEDIUM

CVSS:5.3(Medium)

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 23...

CWE-4972022

CVE-2022-43852

MEDIUM

CVSS:5.3(Medium)

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.

CWE-4972022

CVE-2023-0342

MEDIUM

CVSS:5.3(Medium)

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior...

CWE-4972023