CVE-2021-45457

Overly broad CORS configuration

EPSS 2.3%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

06 Jan 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

Affected products

Apache Software Foundation · Apache Kylin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.apache.org/thread/rzv4mq58okwj1n88lry82ol2wwm57q1m http://www.openwall.com/lists/oss-security/2022/01/06/2