High severity7.5NVD Advisory· Published Dec 10, 2021· Updated Jun 17, 2026
CVE-2021-37935
CVE-2021-37935
Description
An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the "isLdap" JavaScript parameter in the HTML source code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Huntflow/Huntflow Enterprisedescription
- Range: <3.10.4
Patches
Vulnerability mechanics
References
1- gist.github.com/andrey-lomtev/c970fb7dd022d04f5b57ad37fbedd064nvdThird Party Advisory
News mentions
0No linked articles in our index yet.