How severe is CVE-2021-37845?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2021-37845?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2021-37845 - LOW Severity | CVSS 3.7

Vulnerability Description

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potentially allows an attacker to cause a victim's e-mail messages to be stored into an attacker's IMAP mailbox, but depends on details of the victim's client behavior.

Related Vulnerabilities

CVE-2005-4780

LOW

CVSS:3.7(Low)

Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home...

NVD-CWE-Other2005

CVE-2016-0671

LOW

CVSS:3.7(Low)

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.

NVD-CWE-Other2016

CVE-2016-0688

LOW

CVSS:3.7(Low)

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Compone...

NVD-CWE-Other2016

CVE-2016-1133

LOW

CVSS:3.7(Low)

CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP...

NVD-CWE-Other2016

CVE-2016-1899

LOW

CVSS:3.7(Low)

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XS...

NVD-CWE-Other2016

CVE-2016-1900

LOW

CVSS:3.7(Low)

CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP header...

NVD-CWE-Other2016