How severe is CVE-2021-27786?

CVE-2021-27786 has a CVSS v3 score of 4.6 (MEDIUM).

CVE-2021-27786

Name: onetest_server
Author: hcltech

4.6MEDIUM

Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial r

Published: 6/9/2022Updated: 11/21/2024

Description

Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled.

AI AnalysisPowered by AI

Affected Products

hcltechonetest_server

10.0

hcltechonetest_server

10.1

hcltechonetest_server

10.2

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098603
Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098603
Vendor Advisory