How severe is CVE-2021-40128?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2021-40128?

This is classified as CWE-183, which is a common weakness in software security.

CVE-2021-40128

MEDIUM Year: 2021

CVSS v3 Score

5.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-183

View all →

Vulnerability Description

A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the account activation page of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an account activation email that contains a tampered activation link, which could direct the user to an attacker-controlled website.

CVE-2021-34787

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unaut...

CWE-1832021

CVE-2023-7250

MEDIUM

CVSS:5.3(Medium)

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, ...

CWE-1832023

CVE-2020-1694

MEDIUM

CVSS:4.9(Medium)

A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information o...

CWE-1832020

CVE-2022-23158

MEDIUM

CVSS:4.4(Medium)

Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provid...

CWE-1832022

CVE-2022-42469

MEDIUM

CVSS:4.3(Medium)

A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the p...

CWE-1832022

CVE-2024-38522

MEDIUM

CVSS:6.3(Medium)

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this reposito...

CWE-1832024

CVE-2021-40128

Vulnerability Description

Related Vulnerabilities

CVE-2021-34787

CVE-2023-7250

CVE-2020-1694

CVE-2022-23158

CVE-2022-42469

CVE-2024-38522