CVE-2021-27786 – HCL OneTest Server is vulnerable to Cross Origin Resource Sharing: Arbitrary Origin Trusted

https://notcve.org/view.php?id=CVE-2021-27786

07 Jun 2022 — Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. Una compartición de recursos entre orígenes (CORS... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098603 • CWE-697: Incorrect Comparison CWE-942: Permissive Cross-domain Policy with Untrusted Domains •