{"api_version":"1","generated_at":"2026-04-23T01:33:38+00:00","cve":"CVE-2021-22115","urls":{"html":"https://cve.report/CVE-2021-22115","api":"https://cve.report/api/cve/CVE-2021-22115.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22115","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22115"},"summary":{"title":"CVE-2021-22115","description":"Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller.","state":"PUBLIC","assigner":"security@vmware.com","published_at":"2021-04-08 18:15:00","updated_at":"2021-04-14 19:52:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"https://www.cloudfoundry.org/blog/cve-2021-22115-capi-logs-service-broker-credentials/","name":"https://www.cloudfoundry.org/blog/cve-2021-22115-capi-logs-service-broker-credentials/","refsource":"MISC","tags":[],"title":"CVE-2021-22115: CAPI logs service broker credentials | Cloud Foundry","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22115","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22115","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"22115","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cloudfoundry","cpe5":"capi-release","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22115","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cloudfoundry","cpe5":"cf-deployment","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-22115","ASSIGNER":"security@vmware.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Cloud Control API","version":{"version_data":[{"version_value":"CAPI versions prior to 1.106.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Clear text logging of credentials"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.cloudfoundry.org/blog/cve-2021-22115-capi-logs-service-broker-credentials/","url":"https://www.cloudfoundry.org/blog/cve-2021-22115-capi-logs-service-broker-credentials/"}]},"description":{"description_data":[{"lang":"eng","value":"Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller."}]}},"nvd":{"publishedDate":"2021-04-08 18:15:00","lastModifiedDate":"2021-04-14 19:52:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*","versionEndExcluding":"1.106.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*","versionEndExcluding":"16.2.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22115","Ordinal":"196810","Title":"CVE-2021-22115","CVE":"CVE-2021-22115","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22115","Ordinal":"1","NoteData":"Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"22115","Ordinal":"2","NoteData":"2021-04-08","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"22115","Ordinal":"3","NoteData":"2021-04-08","Type":"Other","Title":"Modified"}]}}}