CVE Vulnerabilities

CVE-2021-46434

Published: Mar 28, 2022 | Modified: May 17, 2024

CVSS 3.x

5.3

MEDIUM

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.x

5 MEDIUM

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-46434
CWE	https://cwe.mitre.org/data/definitions/.html

EMQ X Dashboard V3.0.0 is affected by username enumeration in the /api /v3/auth interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid

Affected Software

Name	Vendor	Start Version	End Version
Emqx	Emqx	3.0.0 (including)	3.0.0 (including)

References

https://github.com/emqx/emqx/issues/6791

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.