Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.
References
Link | Resource |
---|---|
https://www.gov.il/en/departments/faq/cve_advisories | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-12-14 14:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-36721
Mitre link : CVE-2021-36721
CVE.ORG link : CVE-2021-36721
JSON object : View
Products Affected
sysaid
- application_programming_interface
CWE