CVE-2021-1576

Name of the Vulnerable Software and Affected Versions Cisco Business Process Automation (affected versions not specified)

Description The issue is related to improper authorization settings for management commands and access to action logs. This could allow a remote attacker to elevate privileges by sending specially crafted HTTP messages. The vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities by submitting crafted HTTP messages to an affected system, performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.