How severe is CVE-2021-22914?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-22914?

This is classified as CWE-922, which is a common weakness in software security.

CVE-2021-22914 - HIGH Severity | CVSS 7.5

Vulnerability Description

Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.

Related Vulnerabilities

CVE-2019-12911

HIGH

CVSS:7.5(High)

Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application.

CWE-9222019

CVE-2019-12914

HIGH

CVSS:7.5(High)

Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application.

CWE-9222019

CVE-2019-20060

HIGH

CVSS:7.5(High)

MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitiv...

CWE-9222019

CVE-2020-15775

HIGH

CVSS:7.5(High)

An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is...

CWE-9222020

CVE-2020-26104

HIGH

CVSS:7.5(High)

In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).

CWE-9222020

CVE-2020-7000

HIGH

CVSS:7.5(High)

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the...

CWE-9222020