CVE-2021-28124
MEDIUMCohesity DataPlatform <6.3.1g, <6.4.1c, <=6.5.1b - SSRF
Title source: llmDescription
A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support channel UI session to Cohesity DataPlatform cluster.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-28124.md
Scores
CVSS v3
5.9
EPSS
0.0030
EPSS Percentile
53.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (1)
cohesity/cohesity_dataplatform
6.3 - 6.3.1g
Published
Apr 02, 2021
Tracked Since
Feb 18, 2026