How severe is CVE-2021-1561?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2021-1561?

This is classified as CWE-302, which is a common weakness in software security.

CVE-2021-1561

MEDIUM Year: 2021

CVSS v3 Score

5.4

Medium

CVSS v2 Score

5.5

Medium

Weakness Type

CWE-302

View all →

Vulnerability Description

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists because access to the spam quarantine feature is not properly restricted. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to modify another user's spam quarantine settings, possibly disabling security controls or viewing email messages stored on the spam quarantine interfaces.

CVE-2023-47127

MEDIUM

CVSS:5.4(Medium)

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.examp...

CWE-3022023

CVE-2024-3462

MEDIUM

CVSS:5.4(Medium)

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for ...

CWE-3022024

CVE-2022-40703

MEDIUM

CVSS:6.1(Medium)

CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android devi...

CWE-3022022

CVE-2024-47086

HIGH

CVSS:6.5(Medium)

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vu...

CWE-3022024

CVE-2024-8475

MEDIUM

CVSS:6.5(Medium)

Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.This issue affects WiFiBurada: before 1.0.5.

CWE-3022024

CVE-2021-1399

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authent...

CWE-3022021

CVE-2021-1561

Vulnerability Description

Related Vulnerabilities

CVE-2023-47127

CVE-2024-3462

CVE-2022-40703

CVE-2024-47086

CVE-2024-8475

CVE-2021-1399