CVE-2021-22825

HIGH Year: 2021
CVSS v3 Score
8.0
High
CVSS v2 Score
6.0
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. Affected Products: AP7xxxx and AP8xxx with NMC2 (V6.9.6 or earlier), AP7xxx and AP8xxx with NMC3 (V1.1.0.3 or earlier), and APDU9xxx with NMC3 (V1.0.0.28 or earlier)

Related Vulnerabilities

CVE-2016-1489

HIGH
CVSS:8.0(High)

Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network ...

CWE-2002016

CVE-2016-3651

HIGH
CVSS:8.0(High)

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors.

CWE-2002016

CVE-2017-5262

HIGH
CVSS:8.0(High)

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.

CWE-2002017

CVE-2018-1240

HIGH
CVSS:8.0(High)

Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the...

CWE-2002018

CVE-2018-8209

HIGH
CVSS:8.0(High)

An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclos...

CWE-2002018

CVE-2021-24945

HIGH
CVSS:8.0(High)

The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such ...

CWE-2002021