{"api_version":"1","generated_at":"2026-04-23T06:44:51+00:00","cve":"CVE-2021-22500","urls":{"html":"https://cve.report/CVE-2021-22500","api":"https://cve.report/api/cve/CVE-2021-22500.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22500","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22500"},"summary":{"title":"CVE-2021-22500","description":"Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing.","state":"PUBLIC","assigner":"security@microfocus.com","published_at":"2021-02-06 02:15:00","updated_at":"2023-11-07 03:30:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"https://softwaresupport.softwaregrp.com/doc/KM03775253","name":"https://softwaresupport.softwaregrp.com/doc/KM03775253","refsource":"","tags":[],"title":"MySupport - Micro Focus Software Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22500","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22500","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"22500","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"application_performance_management","cpe6":"9.40","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22500","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"application_performance_management","cpe6":"9.50","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22500","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"application_performance_management","cpe6":"9.51","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22500","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"application_performance_management","cpe6":"9.40","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22500","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"application_performance_management","cpe6":"9.50","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22500","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"application_performance_management","cpe6":"9.51","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-22500","ASSIGNER":"security@microfocus.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Application Performance Management","version":{"version_data":[{"version_value":"9.40, 9.50, 9.51"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Cross Site Request Forgery."}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://softwaresupport.softwaregrp.com/doc/KM03775253","url":"https://softwaresupport.softwaregrp.com/doc/KM03775253"}]},"description":{"description_data":[{"lang":"eng","value":"Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing."}]}},"nvd":{"publishedDate":"2021-02-06 02:15:00","lastModifiedDate":"2023-11-07 03:30:00","problem_types":["CWE-352"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22500","Ordinal":"197205","Title":"CVE-2021-22500","CVE":"CVE-2021-22500","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22500","Ordinal":"1","NoteData":"Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"22500","Ordinal":"2","NoteData":"2021-02-05","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"22500","Ordinal":"3","NoteData":"2021-02-05","Type":"Other","Title":"Modified"}]}}}