CVE-2021-3442

Published: Aug 22, 2022Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality.

Affected (1)

Products: Redhat: Openshift Api Management

1 product

Openshift Api Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Api Management	Version 2.9.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://access.redhat.com/security/cve/CVE-2021-3442

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1930083

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/security/cve/CVE-2021-3442

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1930083

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.