1. CVE-Search
  2. CVE-2021-22939
ID CVE-2021-22939
Summary If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
References
Vulnerable Configurations
  • cpe:2.3:a:nodejs:node.js:12.0.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.0.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.1.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.1.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.2.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.2.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.3.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.3.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.3.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.3.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.4.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.4.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.5.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.5.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.6.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.6.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.7.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.7.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.8.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.8.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.8.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.8.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.9.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.9.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.9.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.9.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.10.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.10.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.11.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.11.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.11.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.11.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.12.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.12.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.13.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.13.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.13.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.13.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.14.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.14.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.14.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.14.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.15.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.15.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.16.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.16.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.16.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.16.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.16.2:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.16.2:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.16.3:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.16.3:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.17.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.17.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.18.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.18.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.18.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.18.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.18.2:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.18.2:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.18.3:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.18.3:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.18.4:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.18.4:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.19.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.19.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.19.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.19.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.20.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.20.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.20.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.20.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.20.2:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.20.2:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.21.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.21.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.22.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.22.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.22.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.22.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.22.2:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.22.2:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.22.3:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.22.3:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:12.22.4:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:12.22.4:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.0.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.0.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.1.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.1.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.2.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.2.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.3.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.3.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.4.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.4.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.5.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.5.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.6.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.6.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.7.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.7.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.8.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.8.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.9.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.9.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.10.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.10.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.10.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.10.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.11.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.11.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.12.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.12.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.13.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.13.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.13.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.13.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.14.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.14.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.15.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.15.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.15.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.15.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.15.2:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.15.2:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.15.3:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.15.3:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.15.4:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.15.4:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.15.5:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.15.5:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.16.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.16.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.16.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.16.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.17.0:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.17.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.17.1:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.17.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.17.2:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.17.2:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.17.3:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.17.3:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:14.17.4:*:*:*:lts:*:*:*
    cpe:2.3:a:nodejs:node.js:14.17.4:*:*:*:lts:*:*:*
  • cpe:2.3:a:nodejs:node.js:16.0.0:*:*:*:-:*:*:*
    cpe:2.3:a:nodejs:node.js:16.0.0:*:*:*:-:*:*:*
  • cpe:2.3:a:nodejs:node.js:16.1.0:*:*:*:-:*:*:*
    cpe:2.3:a:nodejs:node.js:16.1.0:*:*:*:-:*:*:*
  • cpe:2.3:a:nodejs:node.js:16.2.0:*:*:*:-:*:*:*
    cpe:2.3:a:nodejs:node.js:16.2.0:*:*:*:-:*:*:*
  • cpe:2.3:a:nodejs:node.js:16.3.0:*:*:*:-:*:*:*
    cpe:2.3:a:nodejs:node.js:16.3.0:*:*:*:-:*:*:*
  • cpe:2.3:a:nodejs:node.js:16.4.0:*:*:*:-:*:*:*
    cpe:2.3:a:nodejs:node.js:16.4.0:*:*:*:-:*:*:*
  • cpe:2.3:a:nodejs:node.js:16.4.1:*:*:*:-:*:*:*
    cpe:2.3:a:nodejs:node.js:16.4.1:*:*:*:-:*:*:*
  • cpe:2.3:a:nodejs:node.js:16.4.2:*:*:*:-:*:*:*
    cpe:2.3:a:nodejs:node.js:16.4.2:*:*:*:-:*:*:*
  • cpe:2.3:a:nodejs:node.js:16.5.0:*:*:*:-:*:*:*
    cpe:2.3:a:nodejs:node.js:16.5.0:*:*:*:-:*:*:*
  • cpe:2.3:a:nodejs:node.js:16.6.0:*:*:*:-:*:*:*
    cpe:2.3:a:nodejs:node.js:16.6.0:*:*:*:-:*:*:*
  • cpe:2.3:a:nodejs:node.js:16.6.1:*:*:*:-:*:*:*
    cpe:2.3:a:nodejs:node.js:16.6.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*
    cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*
    cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:-:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.1:beta:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.2:beta:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.19:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.20:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.21:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.22:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.23:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.24:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.25:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.25:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.26:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.26:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.27:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.1:m2:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.1:m2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.16:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.30:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.3.30:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.1:m1:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.1:m1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.2:m2:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.2:m2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.3:rc:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.3:rc:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.29:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.29:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.33:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.33:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.34:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.34:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.38:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.4.38:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.0:m1:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.5.0:m1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.1:m2:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.5.1:m2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.2:m3:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.5.2:m3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.19:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.5.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.23:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.5.23:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.24:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.5.24:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.28:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.5.28:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.6.15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.6.19:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.6.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.6.20:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.6.20:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.6.24:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:7.6.24:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:8.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:8.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:8.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:8.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:8.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:8.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:8.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_cluster:8.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:-:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:nextgen_api:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:nextgen_api:-:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sinec_infrastructure_network_services:-:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:sinec_infrastructure_network_services:-:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1:-:*:*:*:*:*:*
    cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1:-:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-01-2024 - 10:15)
Impact:
Exploitability:
CWE CWE-295
CAPEC
  • Creating a Rogue Certification Authority Certificate
    An adversary exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The adversary specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The adversary then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the adversary which is signed with its private key. An adversary then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the adversary is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the adversary and of course any certificates that it signs. So the adversary is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec).
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
Last major update 05-01-2024 - 10:15
Published 16-08-2021 - 19:15
Last modified 05-01-2024 - 10:15
Back to Top