How severe is CVE-2021-36371?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2021-36371?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2021-36371 - LOW Severity | CVSS 3.7

Vulnerability Description

Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend. (2.x versions are unaffected. 1.x versions are unaffected with certain configuration settings involving prune_unreachable_routes and a wildcard Host resource.)

Related Vulnerabilities

CVE-2016-1000033

LOW

CVSS:3.7(Low)

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.

CWE-2952016

CVE-2016-9015

LOW

CVSS:3.7(Low)

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the li...

CWE-2952016

CVE-2017-15528

LOW

CVSS:3.7(Low)

Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the pub...

CWE-2952017

CVE-2019-4150

LOW

CVSS:3.7(Low)

IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) a...

CWE-2952019

CVE-2019-4654

LOW

CVSS:3.7(Low)

IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-F...

CWE-2952019

CVE-2020-9488

LOW

CVSS:3.7(Low)

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messa...

CWE-2952020