CVE-2021-27786
MEDIUMHCL OneTest Server - Permissive Cross-domain Security Policy with Untrusted Domains
Title source: llmDescription
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098603
Scores
CVSS v3
4.6
EPSS
0.0053
EPSS Percentile
40.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-942
CWE-697
Status
published
Products (3)
hcltech/onetest_server
10.0
hcltech/onetest_server
10.1
hcltech/onetest_server
10.2
Published
Jun 09, 2022
Tracked Since
Feb 18, 2026