CVE-2021-3442 — Vulnetix

CVE-2021-3442 PUBLISHED CVSS 5.400000095367432 MEDIUM

A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality.

EPSS 0.21% · 43.8th percentile

Risk Scores

CVSS 3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.21%

43.8th percentile

Affected Products

Vendor	Product	Versions
n/a	Red Hat OpenShift API Management.	Affects v2.9.1 GA.
redhat	openshift_api_management	2.9.1

Exploit Intelligence

https://bugzilla.redhat.com/show_bug.cgi?id=1930083 (circl)
https://access.redhat.com/security/cve/CVE-2021-3442 (circl)

Timeline

Aug 22, 2022 CVE Published
Aug 23, 2022 EPSS Score
Oct 8, 2022 EPSS Score
Nov 22, 2022 EPSS Score
Jan 7, 2023 EPSS Score
Feb 22, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 9, 2023 EPSS Score
May 24, 2023 EPSS Score
Jul 9, 2023 EPSS Score
Aug 24, 2023 EPSS Score
Oct 9, 2023 EPSS Score

References

https://bugzilla.redhat.com/show_bug.cgi?id=1930083 url
https://access.redhat.com/security/cve/CVE-2021-3442 url
https://nvd.nist.gov/vuln/detail/CVE-2021-3442 advisory
https://access.redhat.com/errata/RHSA-2021:3851 url

Open in Interactive Console →