Vulnerability Description
A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Application Policy Infrastructure Controller | < 3.2\(10f\) |
| Cisco | Cloud Application Policy Infrastructure Controller | < 3.2\(10f\) |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cPatchVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cPatchVendor Advisory
FAQ
What is CVE-2021-1582?
CVE-2021-1582 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting at...
How severe is CVE-2021-1582?
CVE-2021-1582 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-1582?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Application Policy Infrastructure Controller, Cisco Cloud Application Policy Infrastructure Controller.