CVE-2021-1574

Name of the Vulnerable Software and Affected Versions Cisco Business Process Automation (affected versions not specified)

Description The issue is related to improper authorization enforcement in the web-based management interface, allowing an authenticated, remote attacker to elevate privileges to Administrator. This can be achieved by submitting crafted HTTP messages to an affected system, performing unauthorized actions with administrator privileges, or by retrieving sensitive data from logs to impersonate a legitimate privileged user. The vulnerabilities are due to incorrect authorization settings for management commands and access to log files containing confidential information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.