How severe is CVE-2021-40875?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-40875?

This is classified as CWE-425, which is a common weakness in software security.

CVE-2021-40875 - HIGH Severity | CVSS 7.5

Vulnerability Description

Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data.

Related Vulnerabilities

CVE-2017-14993

HIGH

CVSS:7.5(High)

OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.1...

CWE-4252017

CVE-2017-15235

HIGH

CVSS:7.5(High)

The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact fil...

CWE-4252017

CVE-2018-16060

HIGH

CVSS:7.5(High)

Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.

CWE-4252018

CVE-2018-16706

HIGH

CVSS:7.5(High)

LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.

CWE-4252018

CVE-2018-7526

HIGH

CVSS:7.5(High)

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able ...

CWE-4252018

CVE-2019-17643

HIGH

CVSS:7.5(High)

An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXML...

CWE-4252019