CVE-2021-42856 — MEDIUM (4.7)

Q: How severe is CVE-2021-42856?

CVE-2021-42856 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-42856?

Check the references section above for vendor advisories and patch information. Affected products include: Riverbed Steelcentral Appinternals Dynamic Sampling Agent.

Vulnerability Description

It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Riverbed	Steelcentral Appinternals Dynamic Sampling Agent	>= 11.0.0, < 11.8.8

Related Weaknesses (CWE)

CWE-20 CWE-79

References

https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-ScriptThird Party Advisory
https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-ScriptThird Party Advisory

FAQ

What is CVE-2021-42856?

CVE-2021-42856 is a vulnerability with a CVSS score of 4.7 (MEDIUM). It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allow...

How severe is CVE-2021-42856?

CVE-2021-42856 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-42856?

Check the references section above for vendor advisories and patch information. Affected products include: Riverbed Steelcentral Appinternals Dynamic Sampling Agent.