{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T06:26:05.225","vulnerabilities":[{"cve":{"id":"CVE-2021-22001","sourceIdentifier":"security@vmware.com","published":"2021-07-22T14:15:07.867","lastModified":"2024-11-21T05:49:25.120","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA server."},{"lang":"es","value":"En UAA versiones anteriores a 75.3.0, se ha revelado información confidencial como el secreto de retransmisión del proveedor en respuesta cuando se enviaba al servidor de UAA una petición de eliminación de un proveedor de identidades (IdP) de tipo \"oauth 1.0\""}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*","versionEndExcluding":"16.18.0","matchCriteriaId":"659D136D-133F-4418-BD5C-A1A931BCB412"},{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:user_account_and_authentication:*:*:*:*:*:*:*:*","versionEndExcluding":"75.3.0","matchCriteriaId":"CB67B221-E6CB-482B-B175-0AD5284CF058"}]}]}],"references":[{"url":"https://www.cloudfoundry.org/blog/cve-2021-22001-sensitive-info-leakage-in-uaa-during-identity-provider-deletion/","source":"security@vmware.com","tags":["Vendor Advisory"]},{"url":"https://www.cloudfoundry.org/blog/cve-2021-22001-sensitive-info-leakage-in-uaa-during-identity-provider-deletion/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}