CVE-2021-37935

EUVD-2021-24411
An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the "isLdap" JavaScript parameter in the HTML source code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
huntflowhuntflow_enterprise
𝑥
≤ 3.10.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/andrey-lomtev/c970fb7dd022d04f5b57ad37fbedd064
https://gist.github.com/andrey-lomtev/c970fb7dd022d04f5b57ad37fbedd064