CVE-2021-22001

2021-07-2213:17:35

CWE-200

vmware

www.cve.org

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.9%

JSON

In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA server.

CNA Affected

[
  {
    "product": "Cloud Foundry UAA server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cloud Foundry UAA server prior to version 75.3.0"
      }
    ]
  }
]