How severe is CVE-2021-37788?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2021-37788?

This is classified as CWE-1021, which is a common weakness in software security.

CVE-2021-37788 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.

Related Vulnerabilities

CVE-2019-4285

MEDIUM

CVSS:5.4(Medium)

IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attack...

CWE-10212019

CVE-2020-15793

MEDIUM

CVSS:5.4(Medium)

A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could all...

CWE-10212020

CVE-2020-2105

MEDIUM

CVSS:5.4(Medium)

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.

CWE-10212020

CVE-2020-4165

MEDIUM

CVSS:5.4(Medium)

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit th...

CWE-10212020

CVE-2020-4195

MEDIUM

CVSS:5.4(Medium)

IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could...

CWE-10212020

CVE-2020-4406

MEDIUM

CVSS:5.4(Medium)

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1...

CWE-10212020