Skip to main content
CVE-2021-21434 MEDIUM This Month

Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Survey
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-21288 MEDIUM PATCH This Month

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Carrierwave
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-21436 MEDIUM This Month

Agents are able to see and link Config Items without permissions, which are defined in General Catalog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cis In Customer Frontend
NVD
CVSS 3.1
4.3
EPSS
0.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy