CVE-2021-34774

Name of the Vulnerable Software and Affected Versions Cisco Common Services Platform Collector (affected versions not specified)

Description The issue is related to the web-based management interface of Cisco Common Services Platform Collector, where errors occur when responding to a correct API request. This could allow a remote attacker to access sensitive data by sending a specially crafted HTTP request to the vulnerable application. The vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit this by sending a crafted HTTP request, potentially obtaining sensitive information about the application's users, including security questions and answers. To exploit this, an attacker would need valid Administrator credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.