CVE-2021-39213 : Security Advisory and Response

GLPI versions from 9.1 up to, but not including, 9.5.6 with the REST API enabled are vulnerable to a bypass of the API's IP-based client restriction through an injected request header. This advisory covers the impact, technical details, and mitigation steps.

The issue affects GLPI >= 9.1 and < 9.5.6 only when the REST API is enabled, and carries a CVSS v3.1 base score of 6.8 (Medium).

Understanding CVE-2021-39213

GLPI is an open-source IT asset and service management application that exposes a REST API. In versions >= 9.1 and < 9.5.6, when the REST API is enabled, the per-client IP restriction on API access can be bypassed by a caller who supplies a crafted request header.

What is CVE-2021-39213?

An API client in GLPI can be restricted to a range of source IP addresses. The vulnerability is that, in affected versions, the address compared against that range is taken from a request header, which any caller can set, rather than from the actual network connection. An attacker who knows an address inside the permitted range can claim it in the header and pass the check.

The Impact of CVE-2021-39213

        CVSS v3.1 Base Score: 6.8 (Medium)
        Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
        Attack Vector: Network
        Attack Complexity: High
        Privileges Required: Low (the API's own token checks still apply; only the IP restriction is bypassed)
        User Interaction: None
        Scope: Unchanged
        Confidentiality Impact: High
        Integrity Impact: High
        Availability Impact: None

Technical Details of CVE-2021-39213

The GLPI API bypass vulnerability involves the following technical aspects:

Vulnerability Description

The weakness is classed as improper neutralization of special elements (injection): the API's access check consumes a request header without treating it as untrusted input. GLPI's REST API lets an administrator restrict each API client to an IPv4 address range. In affected versions the address compared against that range can be supplied by the caller through a header, so the restriction is enforced on attacker-controlled data instead of on the connection's real source address.

Affected Systems and Versions

GLPI versions >= 9.1 and < 9.5.6 with the REST API enabled are impacted. Instances with the REST API disabled are not exposed to this issue.

Exploitation Mechanism

An attacker who can reach the API endpoint from an address outside a client's permitted range adds a request header carrying an address inside that range. Because affected versions resolve the caller's address from the header, the request passes the IP check and is handled as though it came from the allowed network. The flaw removes only the network-origin restriction; any tokens the API otherwise requires are still needed.
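The following is an added example, not GLPI's code, that models the IP-range check described above together with the header-based bypass and a hardened resolution of the caller's address. The advisory does not name the injected header; the example assumes the common shape of this bug, a server that takes the caller's address from X-Forwarded-For whenever the header is present. The client record, the trusted proxy address and all request data are constructed for illustration.

```python
"""Model of a per-client IPv4 range restriction on a REST API and of the
header-injection bypass described in CVE-2021-39213.

Added example: this is not GLPI's code. The header name X-Forwarded-For,
the client field names and every address below are assumptions.
"""
import ipaddress

# Constructed API client record: only callers in 10.0.0.1-10.0.0.254 may use it.
API_CLIENT = {
    "name": "monitoring",
    "ipv4_range_start": "10.0.0.1",
    "ipv4_range_end": "10.0.0.254",
}

# Constructed: the one reverse proxy whose X-Forwarded-For value we trust.
TRUSTED_PROXIES = frozenset({"192.0.2.1"})


def in_range(ip, start, end):
    """True if ip lies inside the inclusive IPv4 range. Raises ValueError on junk."""
    addr = ipaddress.IPv4Address(ip)
    return ipaddress.IPv4Address(start) <= addr <= ipaddress.IPv4Address(end)


def remote_ip_vulnerable(server):
    """Vulnerable resolution: a request header the caller controls overrides
    the TCP peer address, so the IP restriction tests attacker-chosen data."""
    forwarded = server.get("HTTP_X_FORWARDED_FOR")
    if forwarded:
        return forwarded.split(",")[0].strip()
    return server["REMOTE_ADDR"]


def remote_ip_hardened(server, trusted_proxies=frozenset()):
    """Hardened resolution: honour X-Forwarded-For only when the TCP peer is
    a known proxy, and take the rightmost hop that is not itself a trusted
    proxy. The leftmost entry is whatever the original client chose to send."""
    peer = server["REMOTE_ADDR"]
    forwarded = server.get("HTTP_X_FORWARDED_FOR")
    if not forwarded or peer not in trusted_proxies:
        return peer
    hops = [h.strip() for h in forwarded.split(",") if h.strip()]
    for hop in reversed(hops):
        if hop not in trusted_proxies:
            return hop
    return peer  # every hop was one of our proxies; nothing else to trust


def authorize(server, resolve_ip, client=API_CLIENT):
    """Apply the client's IPv4 range to the address produced by resolve_ip.
    Unparseable addresses count as out of range rather than raising."""
    try:
        return in_range(resolve_ip(server),
                        client["ipv4_range_start"], client["ipv4_range_end"])
    except ValueError:
        return False


if __name__ == "__main__":
    hardened = lambda s: remote_ip_hardened(s, TRUSTED_PROXIES)
    # Constructed requests. 203.0.113.9 is an attacker outside the allowed range.
    cases = {
        "attacker, no header":          {"REMOTE_ADDR": "203.0.113.9"},
        "attacker, spoofed header":     {"REMOTE_ADDR": "203.0.113.9",
                                         "HTTP_X_FORWARDED_FOR": "10.0.0.5"},
        "real client via proxy":        {"REMOTE_ADDR": "192.0.2.1",
                                         "HTTP_X_FORWARDED_FOR": "10.0.0.5"},
        "attacker via proxy, spoofed":  {"REMOTE_ADDR": "192.0.2.1",
                                         "HTTP_X_FORWARDED_FOR": "10.0.0.5, 203.0.113.9"},
    }
    for label, server in cases.items():
        print(f"{label:30} vulnerable={authorize(server, remote_ip_vulnerable)!s:5} "
              f"hardened={authorize(server, hardened)}")
```

The two spoofed cases are the point: the vulnerable resolver admits an attacker who merely claims an in-range address, while the hardened one ignores the header unless the TCP peer is a known proxy and, even then, reads the hop the proxy appended rather than the one the client wrote. Applying the range to REMOTE_ADDR alone is the simplest correct behaviour for a deployment with no reverse proxy.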

Mitigation and Prevention

To mitigate the risks associated with CVE-2021-39213, consider the following steps:

Immediate Steps to Take

        Disable the REST API in GLPI's setup until the upgrade is applied; the flaw is only reachable while the API is enabled

Long-Term Security Practices

        Upgrade GLPI to version 9.5.6 or later and keep it current
        Monitor GLPI security releases and apply patches promptly
        Do not base access decisions on request headers that claim a source address unless a trusted reverse proxy sets them and strips any client-supplied value
        Include header-trust and injection checks in periodic security assessments of exposed APIs

Patching and Updates

Ensure all GLPI instances are updated to version 9.5.6 or later, where the vulnerability is fixed.
