Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request.
AnalysisAI
An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request. Affected products include: Apolloconfig Apollo.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. Rated critical severity (CVSS 10.0),
A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Rated medium severity (CVSS 4.3), this vu
Apollo is a configuration management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable,
apollo-adminservice before version 1.7.1 does not implement access controls. Rated high severity (CVSS 7.0), this vulner
Apollo is a configuration management system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitabl
Apollo is a configuration management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitabl
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today