How severe is CVE-2021-35001?

This vulnerability has a severity rating of LOW with a CVSS score of 3.1 out of 10.

What type of vulnerability is CVE-2021-35001?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2021-35001 - LOW Severity | CVSS 3.1

Vulnerability Description

BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527.

Related Vulnerabilities

CVE-2021-33031

LOW

CVSS:3.1(Low)

In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access ...

CWE-8622021

CVE-2023-32677

LOW

CVSS:3.1(Low)

Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invit...

CWE-8622023

CVE-2024-10527

LOW

CVSS:3.1(Low)

The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. Thi...

CWE-8622024

CVE-2024-41918

LOW

CVSS:3.1(Low)

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may...

CWE-8622024

CVE-2024-55070

LOW

CVSS:3.1(Low)

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions.

CWE-8622024

CVE-2024-8042

LOW

CVSS:3.1(Low)

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of ...

CWE-8622024