How severe is CVE-2021-40130?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2021-40130?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2021-40130 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC.

Related Vulnerabilities

CVE-2016-0731

MEDIUM

CVSS:4.9(Medium)

The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.

CWE-2842016

CVE-2021-27653

MEDIUM

CVSS:4.9(Medium)

Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.

CWE-2842021

CVE-2021-45730

MEDIUM

CVSS:4.9(Medium)

JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should onl...

CWE-2842021

CVE-2022-2088

MEDIUM

CVSS:4.9(Medium)

An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0.

CWE-2842022

CVE-2022-31708

MEDIUM

CVSS:4.9(Medium)

vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4...

CWE-2842022

CVE-2022-46676

MEDIUM

CVSS:4.9(Medium)

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group ...

CWE-2842022