CVE-2021-23884 affects Content Security Reporter versions prior to 2.8.0.
This vulnerability can only occur through on-premises ePO™ servers. To exploit it, the attacker would need to be on the same network as the ePO™ server and know an ePO™ administrator's credentials. The credentials for obtaining logs from Web Gateway and Web Gateway Cloud Server are configured in different parts of the ePO™ extension. The best practice is to have different passwords for each service. The passwords exposed through this vulnerability are stored encrypted in the CSR database, both before and after this fix.
A Cleartext Transmission of Sensitive Information vulnerability in the ePO™ Extension of Content Security Reporter prior to 2.8.0 allows an ePO™ administrator to view the unencrypted password of the Web Gateway, or the password of the Web Gateway Cloud Server read-only user, used to retrieve log files for analysis in Content Security Reporter.
To remediate this issue, upgrade to at least version 2.8.0, or use the latest Content Security Reporter release, 2.9.1.
The installation files are available from here: