PT-2021-17217 · Unknown · Cloud Manager
Alex Lynch +1 · Published 2021-03-19 · Updated 2021-03-23
CVE-2021-26991
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Cloud Manager versions prior to 3.9.4
Description:
The issue is related to an insecure Cross-Origin Resource Sharing (CORS) policy. This could allow a remote attacker to interact with Cloud Manager. CORS is a browser-enforced security feature that controls whether a web page may make requests to a different origin (domain, protocol, or port) than the one the page was loaded from. An insecure CORS policy can allow malicious scripts to make unauthorized requests on behalf of the user.
Recommendations:
For Cloud Manager versions prior to 3.9.4, update to version 3.9.4 or later to resolve the issue. As a temporary workaround, consider restricting access to Cloud Manager to minimize the risk of exploitation.
Affected Products
Cloud Manager