How severe is CVE-2021-34782?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2021-34782?

This is classified as CWE-202, which is a common weakness in software security.

CVE-2021-34782 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application.

Related Vulnerabilities

CVE-2021-4159

MEDIUM

CVSS:4.4(Medium)

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to...

CWE-2022021

CVE-2023-0785

LOW

CVSS:3.7(Low)

A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The ma...

CWE-2022023

CVE-2023-1625

MEDIUM

CVSS:5.0(Medium)

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. ...

CWE-2022023

CVE-2023-20215

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a ne...

CWE-2022023

CVE-2024-20388

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. ...

CWE-2022024

CVE-2024-38895

MEDIUM

CVSS:5.3(Medium)

WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.

CWE-2022024