CVE-2021-22516 (GCVE-0-2021-22516)
Vulnerability from cvelistv5 – Published: 2021-06-04 12:05 – Updated: 2024-08-03 18:44
VLAI
EPSS
VEX
Summary
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file.
Severity
7.5 (High)
CWE
- Insertion of Sensitive Information into Log File.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.microfocus.com/documentation/secure-a… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Secure API Manager (SAPIM). |
Affected:
2.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:13.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/secure-api-manager/2-0/release-notes-secure-api-manager-201/release-notes-secure-api-manager-201.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Secure API Manager (SAPIM).",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information into Log File.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T12:05:37.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microfocus.com/documentation/secure-api-manager/2-0/release-notes-secure-api-manager-201/release-notes-secure-api-manager-201.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure API Manager (SAPIM).",
"version": {
"version_data": [
{
"version_value": "2.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insertion of Sensitive Information into Log File."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/secure-api-manager/2-0/release-notes-secure-api-manager-201/release-notes-secure-api-manager-201.html",
"refsource": "MISC",
"url": "https://www.microfocus.com/documentation/secure-api-manager/2-0/release-notes-secure-api-manager-201/release-notes-secure-api-manager-201.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22516",
"datePublished": "2021-06-04T12:05:37.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:44:13.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-22516",
"date": "2026-07-15",
"epss": "0.00986",
"percentile": "0.58396"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:secure_api_manager:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCD9635B-3497-4C95-BDE9-DF203CD9949C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de Inserci\\u00f3n de Informaci\\u00f3n Confidencial en un Archivo de Registro en el producto Micro Focus Secure API Manager (SAPIM), afectando la versi\\u00f3n 2.0.0. La vulnerabilidad podr\\u00eda conllevar a que la informaci\\u00f3n confidencial se encuentre en un archivo de registro\"}]",
"id": "CVE-2021-22516",
"lastModified": "2024-11-21T05:50:15.840",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-06-04T13:15:08.700",
"references": "[{\"url\": \"https://www.microfocus.com/documentation/secure-api-manager/2-0/release-notes-secure-api-manager-201/release-notes-secure-api-manager-201.html\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://www.microfocus.com/documentation/secure-api-manager/2-0/release-notes-secure-api-manager-201/release-notes-secure-api-manager-201.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-22516\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2021-06-04T13:15:08.700\",\"lastModified\":\"2024-11-21T05:50:15.840\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Inserci\u00f3n de Informaci\u00f3n Confidencial en un Archivo de Registro en el producto Micro Focus Secure API Manager (SAPIM), afectando la versi\u00f3n 2.0.0. La vulnerabilidad podr\u00eda conllevar a que la informaci\u00f3n confidencial se encuentre en un archivo de registro\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:secure_api_manager:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCD9635B-3497-4C95-BDE9-DF203CD9949C\"}]}]}],\"references\":[{\"url\":\"https://www.microfocus.com/documentation/secure-api-manager/2-0/release-notes-secure-api-manager-201/release-notes-secure-api-manager-201.html\",\"source\":\"security@opentext.com\"},{\"url\":\"https://www.microfocus.com/documentation/secure-api-manager/2-0/release-notes-secure-api-manager-201/release-notes-secure-api-manager-201.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"redhat_vex": {
"current_release_date": "2026-03-27T14:50:11+00:00",
"cve": "CVE-2021-22516",
"id": "CVE-2021-22516",
"initial_release_date": "2021-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "CVE-2021-22516",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-22516.json",
"version": "3"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…