CVE-2021-36721
4.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SysAid | SysAid API | Sysaid – version 20.4.74 20.4.74 | affected |
Weaknesses
- User Enumeration
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.