Vulnerability Details CVE-2021-30650
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/CVE-2021-30650-Layer7-OAuth-Toolkit-OTK-/20170
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/CVE-2021-30650-Layer7-OAuth-Toolkit-OTK-/20170
Products affected by CVE-2021-30650
-
cpe:2.3:a:broadcom:layer7_api_management_oauth_toolkit:4.4