CVE-2021-27786
Published: 09 June 2022
Summary
CVE-2021-27786 is a medium-severity Permissive Cross-domain Security Policy with Untrusted Domains (CWE-942) vulnerability in Hcltech Onetest Server. Its CVSS base score is 4.6 (Medium).
Operationally, ranked at the 40.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-14527
Vulnerability details
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server…
more
to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.