Vulnerabilities related to netapp - e-series_performance_analyzer
Vulnerability from fkie_nvd
Published
2021-03-18 20:15
Modified
2024-11-21 05:57
Summary
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://github.com/grafana/grafana/blob/master/CHANGELOG.md | Release Notes, Third Party Advisory
cve@mitre.org | https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17 | Release Notes, Third Party Advisory
cve@mitre.org | https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/ | Release Notes, Vendor Advisory
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210513-0007/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/grafana/grafana/blob/master/CHANGELOG.md | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/ | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210513-0007/ | Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
grafana | grafana | *
netapp | e-series_performance_analyzer | -
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "0BE6AA9C-F31D-4F0D-B6FE-B144164C6FF6", versionEndIncluding: "7.4.1", versionStartIncluding: "6.7.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.", }, { lang: "es", value: "La funcionalidad snapshot en Grafana versiones 6.7.3 hasta la 7.4.1, puede permitir a atacantes remotos no autenticados desencadenar una Denegación de Servicio por medio de una llamada de la API remota si es ajustada una configuración usada comúnmente", }, ], id: "CVE-2021-27358", lastModified: "2024-11-21T05:57:50.223", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, 
exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T20:15:13.253", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210513-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210513-0007/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-15 17:15
Modified
2024-11-21 05:25
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*", matchCriteriaId: "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*", matchCriteriaId: "8836399B-AA1F-45DB-A423-B41A93A14281", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "89175649-A3CE-4A15-B875-C93D289F8307", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "665B33FE-52FE-4E17-8A80-D61656C49900", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:*", matchCriteriaId: "405536FF-8BB9-4926-97E3-61BAA3A75E08", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:*", matchCriteriaId: "52496989-B639-4E8E-8319-D5D9FE5B30DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A7FB7666-E40E-45A6-9F87-A51B9D7E8EBB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4BF92693-510C-48A4-ABFC-AD975DB971CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*", matchCriteriaId: "465CFA59-8E94-415A-ACF0-E678826813BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*", matchCriteriaId: "85BDC28A-484B-4D14-8D68-890450DCE3F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "635DEFDD-4840-48C6-AB1C-ADAFF4A1E50C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*", matchCriteriaId: "40A221DB-1684-4C87-B576-0969FE13E1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DE6A1B86-3688-4A13-AB37-DBD0DA323202", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "17E0085B-4748-4F79-BEF6-CD9C3D2E6FE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*", matchCriteriaId: "FD3A4AFB-8D76-4B16-A306-2A10F23E51EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1704C904-6E0A-4972-BC94-326D8BC6315A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: 
"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", matchCriteriaId: "280520BC-070C-4423-A633-E6FE45E53D57", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC", versionEndIncluding: "11.60.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*", matchCriteriaId: "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "106FDF5A-D377-4E5F-8BF9-09290019C98A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: 
Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Java SE: 7u241, 8u231, 11.0.5 y 13.0.1. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegación de servicio parcial (DOS parcial) de Java SE. Nota: Esta vulnerabilidad solo puede ser explotada proporcionando datos a las API en el Componente especificado sin utilizar aplicaciones Java Web Start no confiables o applets Java no confiables, así como por medio de un servicio web. CVSS 3.0 Puntaje Base 3.7 (Impactos en la Disponibilidad). 
Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2020-2654", lastModified: "2024-11-21T05:25:54.230", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-15T17:15:24.050", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: 
"secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "secalert_us@oracle.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "secalert_us@oracle.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: 
"https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: 
"Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-25 15:15
Modified
2024-11-21 06:21
Summary
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "B213E696-A6D9-45E7-B4E4-E4CFE54ECEB8", versionEndExcluding: "1.1.1k", versionStartIncluding: "1.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*", matchCriteriaId: "73D9C08B-8F5B-40C4-A5BD-B00D2E4C012D", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*", matchCriteriaId: "62A178A3-6A52-4981-9A27-FB07AD8AF778", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*", matchCriteriaId: "54A487B1-E5CE-4C76-87E8-518D24C5D86D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*", matchCriteriaId: "280AA828-6FA9-4260-8EC1-019423B966E1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "361B791A-D336-4431-8F68-8135BEFFAEA2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "4ACF85D6-6B45-43DA-9C01-F0208186F014", versionEndExcluding: "6.0.9", vulnerable: true, }, { criteria: "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", matchCriteriaId: "0AC12300-9051-4C70-9941-9FE5E64B4B30", versionEndIncluding: "8.13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*", matchCriteriaId: "657682A0-54D5-4DC6-A98E-8BAF685926C4", vulnerable: true, }, { criteria: "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*", matchCriteriaId: "8FC5C76C-3474-4B26-8CF0-2DFAFA3D5458", vulnerable: true, }, { criteria: "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*", matchCriteriaId: "8661D361-71B5-4C41-A818-C89EC551D900", vulnerable: true, }, { criteria: "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*", matchCriteriaId: "253603DC-2D92-442A-B3A8-A63E14D8A070", vulnerable: true, }, { criteria: "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*", matchCriteriaId: "8E112CFF-31F9-4D87-9A1B-AE0FCF69615E", vulnerable: true, }, { criteria: "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", matchCriteriaId: "AC1721B5-9FCD-47C3-8338-E02932CF2C05", versionEndIncluding: "5.17.0", versionStartIncluding: "5.13.0", vulnerable: true, }, ], negate: false, 
operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:web_gateway:8.2.19:*:*:*:*:*:*:*", matchCriteriaId: "DEA7F1FD-9FAB-4654-98B0-4588EEC8B69A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:web_gateway:9.2.10:*:*:*:*:*:*:*", matchCriteriaId: "868B2C4B-CE6B-41DA-A373-7D4FA51EFE9F", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:web_gateway:10.1.1:*:*:*:*:*:*:*", matchCriteriaId: "550F47A2-3393-481E-BC40-CE606BFA8776", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:*:*:*:*:*:*:*", matchCriteriaId: "43392D27-6C07-41C7-A17F-10C433338CE9", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:*:*:*:*:*:*:*", matchCriteriaId: "8FBF6C4C-195F-49A7-861D-52677D9BE58D", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:*:*:*:*:*:*:*", matchCriteriaId: "90732D53-E802-4E1B-B6C8-B1FDCE7905A4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:checkpoint:quantum_security_management_firmware:r80.40:*:*:*:*:*:*:*", matchCriteriaId: "A98B128A-C58E-48EC-B691-AF73126A0822", vulnerable: true, }, { criteria: "cpe:2.3:o:checkpoint:quantum_security_management_firmware:r81:*:*:*:*:*:*:*", matchCriteriaId: "345B990F-C1C4-440B-804E-0A2882FE7C01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*", matchCriteriaId: "08601413-25E2-4977-B67A-C11A9D788EA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:checkpoint:multi-domain_management_firmware:r80.40:*:*:*:*:*:*:*", matchCriteriaId: 
"EFC067CC-EB90-43F5-9674-089D5C611573", vulnerable: true, }, { criteria: "cpe:2.3:o:checkpoint:multi-domain_management_firmware:r81:*:*:*:*:*:*:*", matchCriteriaId: "80B223A7-1039-445D-ABE1-5E481004D956", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:checkpoint:multi-domain_management:-:*:*:*:*:*:*:*", matchCriteriaId: "1584E1B4-412C-40E2-BF07-4E464692F2AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*", matchCriteriaId: "A0002A29-8B42-445D-9EC4-58BC93194241", vulnerable: true, }, { criteria: "cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81:*:*:*:*:*:*:*", matchCriteriaId: "3B0EDB21-9305-4601-AB96-A77BD00F311D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "9016DDF6-285C-4E64-88D0-29ECCEF048F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "570DB369-A31B-4108-A7FD-09F674129603", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "61516569-C48F-4362-B334-8CA10EDB0EC2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*", matchCriteriaId: "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*", matchCriteriaId: "058C7C4B-D692-49DE-924A-C2725A8162D3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "0F0434A5-F2A1-4973-917C-A95F2ABE97D1", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "96DD93E0-274E-4C36-99F3-EEF085E57655", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "86305E47-33E9-411C-B932-08C395C09982", versionEndExcluding: "9.2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", matchCriteriaId: "0B1CAD50-749F-4ADB-A046-BF3585677A58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", matchCriteriaId: "A8782A14-89B0-45EE-A5CB-FF715F5BA379", versionEndIncluding: "8.0.23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "5C40ECC8-933B-47A4-8082-FCF0EF9C973E", versionEndIncluding: "5.7.33", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "32714AD7-BCD1-4624-9923-5E6D927CF3CB", versionEndIncluding: "8.0.23", versionStartIncluding: "8.0.15", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "CB1A94E1-A6C6-488D-A74C-6C0B24637272", versionEndIncluding: "8.0.23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", matchCriteriaId: "C8AF00C6-B97F-414D-A8DF-057E6BFD8597", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: 
"10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", matchCriteriaId: "E9C55C69-E22E-4B80-9371-5CD821D79FE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*", matchCriteriaId: "C01E8B82-71C7-4A4A-A70A-7B147524AB4A", versionEndExcluding: "18.1.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*", matchCriteriaId: "9DA11710-9EA8-49B4-8FD1-3AEE442F6ADC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6E8B6D50-D482-43E9-A20D-FA77FD59AE2D", versionEndExcluding: "10.2.1.0-17sv", versionStartIncluding: "10.2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*", matchCriteriaId: "8E4A2B7B-40F5-4AE0-ACC7-E94B82435DBA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sonicwall:capture_client:3.5:*:*:*:*:*:*:*", matchCriteriaId: "349EB4AE-65E3-42DC-8F9C-3A1A155324D7", vulnerable: true, }, { criteria: "cpe:2.3:o:sonicwall:sonicos:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2BD8688A-2D55-4A7E-A143-1BD0FCF957B0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rcm1224_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5081E52B-E7C0-46BD-B1D0-2C70ABCC8831", versionStartIncluding: "6.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: 
"cpe:2.3:h:siemens:ruggedcom_rcm1224:-:*:*:*:*:*:*:*", matchCriteriaId: "3747CDD7-E833-4B68-A362-77D6A2E9D888", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "058D21EA-E94C-4DDC-AD92-967DAC934457", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*", matchCriteriaId: "52A77C9D-E59C-4397-B834-797D7B334A6B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "424CD8EA-D8CB-40C7-8E0F-AC4B05C59C99", versionStartIncluding: "6.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*", matchCriteriaId: "DFB9921A-5204-40A3-88AB-B7755F5C6875", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_s602_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "858B6A84-5D0E-4E23-AE32-A45B51BAC8CF", versionStartIncluding: "4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_s602:-:*:*:*:*:*:*:*", matchCriteriaId: "F4D89D82-C2CE-44DC-A05B-B956F20BF4E3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_s612_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D173626B-9C50-489F-8BA4-1C45E5F96526", versionStartIncluding: "4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_s612:-:*:*:*:*:*:*:*", matchCriteriaId: "CA7B48D2-0D17-420D-AAE1-35E5C0BE2924", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: 
"AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E967F5FC-6F3E-4982-8813-CA1DAF3BE165", versionStartIncluding: "6.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*", matchCriteriaId: "E917CBBB-EF41-4113-B0CA-EB91889235E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_s623_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81F315D8-0B26-4442-B330-85124017A482", versionStartIncluding: "4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_s623:-:*:*:*:*:*:*:*", matchCriteriaId: "F80D9A79-7984-462B-B4B9-6A4429422038", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_s627-2m_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6F20F735-7A70-4A24-9621-786F99C8F87D", versionStartIncluding: "4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_s627-2m:-:*:*:*:*:*:*:*", matchCriteriaId: "B51B40F8-71D2-4D2D-8EC2-CE154A6D7533", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc-600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "973B8030-B630-4D67-B897-25A359A96185", versionStartIncluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc-600:-:*:*:*:*:*:*:*", matchCriteriaId: "725C671B-D7A0-48CF-8A31-5F9C4173F1DD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"86EA8E3F-81BD-47BC-9834-A9B69CA7E70C", versionStartIncluding: "6.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*", matchCriteriaId: "D3033B1E-57A6-4AE3-A861-7047CF8EAD79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_w1700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BE116AD9-B55F-41C8-8B55-329809DB63E1", versionStartIncluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_w1700:-:*:*:*:*:*:*:*", matchCriteriaId: "5D9A73DD-4A21-4096-B4B6-A0A825E71006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "144CDF5E-7E07-428B-B4DF-C94992B3A44A", versionEndExcluding: "4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*", matchCriteriaId: "6CB3CC2D-CBF0-4F53-A412-01BBC39E34C2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "339FFBDF-6957-481F-84CE-878B5CAAD9C8", versionEndExcluding: "4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*", matchCriteriaId: "7719E194-EE3D-4CE8-8C85-CF0D82A553AA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_xf-200ba_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FBB13D3-4E04-4D01-B880-C16C4FFA240B", versionEndExcluding: "4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: 
"cpe:2.3:h:siemens:scalance_xf-200ba:-:*:*:*:*:*:*:*", matchCriteriaId: "58377C58-F660-4C17-A3CB-BFC2F28848CD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E40058B3-3726-4F6A-AB41-7679487639F2", versionEndExcluding: "6.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*", matchCriteriaId: "798E900F-5EF9-4B39-B8C2-79FAE659E7F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E642D10-E701-44DF-863B-D0DAA5530F50", versionEndExcluding: "4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*", matchCriteriaId: "8F962FC7-0616-467F-8CCA-ADEA224B5F7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4A53C2B5-A3FD-44CC-A78B-D2124EF37DB4", versionEndExcluding: "4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*", matchCriteriaId: "434BC9BE-C5DB-4DAF-8E07-DFE4EEA0D7FE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "54FBE4D4-F31E-4B61-9216-44C8EC2988AB", versionEndExcluding: "6.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:*:*", matchCriteriaId: "B0E6B7D8-3F9E-43D6-AEFE-DEE3993679C5", vulnerable: false, }, ], negate: false, 
operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "20511D61-FC1D-453E-BDF6-D3FB9951192A", versionEndExcluding: "6.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:*:*", matchCriteriaId: "67661569-6233-4C74-9C72-88BD14B257FE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_xr528-6m_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "640AC619-B516-46FC-821B-09C4542A3FD6", versionEndExcluding: "6.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_xr528-6m:-:*:*:*:*:*:*:*", matchCriteriaId: "3E048C4A-A414-4C87-A865-4D4218AE32EE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_xr552-12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FB979DB-731B-4693-A9F8-B11ED953717C", versionEndExcluding: "6.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_xr552-12:-:*:*:*:*:*:*:*", matchCriteriaId: "09743616-31C9-4E47-8A4A-B15D76204BE7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "886D2FE6-B054-4E3B-BACB-F08C0A119A80", versionStartIncluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "3B185B70-CAC9-47AC-8639-7A4707C21540", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_cloud_connect_7:-:*:*:*:*:*:*:*", matchCriteriaId: "9FA78457-260C-467B-9785-04B3C8EDF3B3", 
vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ABEA3BEE-E7AF-4C9A-ADE4-CE7FC1DB7639", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "049460B8-6186-44F9-B41F-284A2EC0B3B4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "205482DA-548C-4757-91F0-1599438873BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_hmi_basic_panels_2nd_generation_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "45208694-635A-42AC-B668-8B67C60568B8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_hmi_basic_panels_2nd_generation:-:*:*:*:*:*:*:*", matchCriteriaId: "7D8F8BCE-35CE-492A-8BFE-2C36EA51CE5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B4C147D9-4649-4289-B18B-55BD6E33521A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*", matchCriteriaId: "F4830E0D-0128-4E5B-AB81-2B238471AE4B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "54EFA8B5-8DA1-4547-9E15-BDC265C56006", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:*", 
matchCriteriaId: "B1CEB200-E38F-4629-9279-5AF065396678", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_mv500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE4FA1E6-4C5A-4CDC-AD40-E384C0BCA90D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_mv500:-:*:*:*:*:*:*:*", matchCriteriaId: "93A5B50E-0316-4189-8F41-54732CFCF63F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D254DA1D-C53E-426B-9C69-580CC47CF0AA", versionStartIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*", matchCriteriaId: "65278BA0-3C81-4D81-9801-D7BE3A1D7680", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C06A02ED-0BA3-4A2C-AF0C-689B8AEB34B8", versionStartIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_eu:-:*:*:*:*:*:*:*", matchCriteriaId: "209C7B1E-10F6-4215-AF69-CC36192E0FCE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_us_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CF8C00EE-1154-440C-A223-A2CE99CE3126", versionStartIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_us:-:*:*:*:*:*:*:*", matchCriteriaId: "171A9543-E677-422F-8AEA-1BC2D0E53593", vulnerable: false, }, ], negate: false, operator: "OR", }, ], 
operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB201DD3-8890-453E-A11E-1E13B3DAB3F9", versionStartIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*", matchCriteriaId: "350FD323-C876-4C7A-A2E7-4B0660C87F6C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "61E498B1-87FF-454B-8DF0-61D0D3208491", versionStartIncluding: "2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", matchCriteriaId: "C1EE2F10-A7A6-486F-AE5C-53AE25BAF200", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90FB801F-11B5-438C-98A1-E928BFEA2ADB", versionEndExcluding: "3.0", versionStartIncluding: "2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*", matchCriteriaId: "F56C2BDC-928E-491A-8E7C-F976B3787C7A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8E4BA1E6-64F7-4B96-8302-134057DAB1BE", versionStartIncluding: "2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*", matchCriteriaId: "783B50B8-2FB7-4982-88AA-B4F2AD094796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { 
criteria: "cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DCA9544-DD17-4F56-B34C-91A3F37154AF", versionStartIncluding: "1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*", matchCriteriaId: "1256EB4B-DD8A-4F99-AE69-F74E8F789C63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_pcs_7_telecontrol_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5C25165E-EDE9-42F1-A3B9-0E47630D49CC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_pcs_7_telecontrol:-:*:*:*:*:*:*:*", matchCriteriaId: "5BF281FB-26E0-43E4-A2B6-4015661368AC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_pcs_neo_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6EEACFC9-41B7-4EE0-9427-692363880326", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_pcs_neo:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3CA343-CA2A-4593-930C-158612CE7A55", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_pdm_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7E9AE23E-7DAE-4191-BA4E-A7CD655C4BC8", versionStartIncluding: "9.1.0.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_pdm:-:*:*:*:*:*:*:*", matchCriteriaId: "E092B735-42D5-48D5-947B-288C0FA2E180", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_process_historian_opc_ua_server_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D874D636-392A-4750-B976-F411DBCEBA8D", versionStartIncluding: "2019", 
vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_process_historian_opc_ua_server:-:*:*:*:*:*:*:*", matchCriteriaId: "14EC9343-7778-40B0-A74D-5C156FF2A229", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_rf166c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "968FBB4E-5B0B-43D4-B3AD-418028093990", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_rf166c:-:*:*:*:*:*:*:*", matchCriteriaId: "391AD485-A49D-43D0-AAE5-1F58B38D4E22", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_rf185c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5212F097-B65A-4D73-BB6F-49687F8AD980", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_rf185c:-:*:*:*:*:*:*:*", matchCriteriaId: "82494B5E-80EE-47ED-B87E-CF8C8907B6FE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_rf186c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D806113B-57EB-4AA0-9D5E-12E30337A93B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_rf186c:-:*:*:*:*:*:*:*", matchCriteriaId: "9B0933EB-82BE-42BB-978B-C9EC2FE1C795", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_rf186ci_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "53FA50A7-2DF6-454E-8A8E-838C392AB417", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_rf186ci:-:*:*:*:*:*:*:*", matchCriteriaId: "1EAEB335-BD22-4CEF-A3EA-9D98A09FEBF0", vulnerable: false, }, ], negate: false, operator: "OR", }, 
], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_rf188c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F3D41E9-58B3-4251-8710-A8C4A24ABBD3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_rf188c:-:*:*:*:*:*:*:*", matchCriteriaId: "E21F9909-8D80-40BE-81E0-6ED7FE140A3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_rf188ci_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC628CB7-0816-4267-9C5D-954BD0233D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_rf188ci:-:*:*:*:*:*:*:*", matchCriteriaId: "B0927991-E820-4FC3-9EFE-96E4C9BFCCCD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_rf360r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "88E64167-16AA-48D7-BCDC-B15D37FA666D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_rf360r:-:*:*:*:*:*:*:*", matchCriteriaId: "63F05227-208B-42C8-8D56-A5D106CAD32F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47F1294A-1C26-4D43-9C53-D833F2510536", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*", matchCriteriaId: "3871C0C9-C65E-4E0B-9CA8-75E60066297F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4AF60081-D534-44F5-972F-23257F16F372", vulnerable: true, }, ], negate: false, operator: "OR", }, { 
cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*", matchCriteriaId: "07849777-92E7-41D2-9128-F8D20DE15391", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AEF1726E-B56F-4D39-AFF4-E79A3CA00DE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*", matchCriteriaId: "68B3573B-A31E-4489-B2DD-B01B5C1D03CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CC4A9F7-9858-4F95-8097-F8D09DA61314", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*", matchCriteriaId: "B640800C-9263-4BEA-9DA5-1323932540BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4948734A-0AAD-4D28-B7FF-FFBBB9AA39C6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*", matchCriteriaId: "FE17584A-BF7A-48B8-A9CB-477663766C63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CC4A9F7-9858-4F95-8097-F8D09DA61314", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*", matchCriteriaId: "B640800C-9263-4BEA-9DA5-1323932540BD", vulnerable: false, }, ], negate: 
false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6EE37798-B068-40E5-BC03-1D8D303E5926", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*", matchCriteriaId: "76C7D55C-8D99-4E2F-A254-1BDE2B12A203", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8E0C491C-5C4A-4F1C-ABD4-9502A54AAA78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*", matchCriteriaId: "CC4698CF-F935-4707-BA91-7E3650C7956C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E7657063-1296-4734-B108-A2FF7A01B07F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*", matchCriteriaId: "232279DE-CF1C-4A3C-886D-B4CE3F104F09", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp_mfp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8C477CCD-06C7-4907-8B0C-4FCE7F6DADAD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\/dp_mfp:-:*:*:*:*:*:*:*", matchCriteriaId: "3BC4FA01-8DDB-41E4-B759-7B504F78AEBC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:sinamics_connect_300_firmware:*:*:*:*:*:*:*:*", 
matchCriteriaId: "3360ACCE-E735-4E34-B278-0D4460E74CBF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:sinamics_connect_300:-:*:*:*:*:*:*:*", matchCriteriaId: "7B854F5B-78C7-41FE-9364-5E71B36342A3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D2B20D95-C4B3-4D13-A3D8-F22AC42DC059", versionEndExcluding: "2.2", versionStartIncluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*", matchCriteriaId: "C1D94BEB-BBFB-4258-9835-87DBBB999239", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:simatic_logon:*:*:*:*:*:*:*:*", matchCriteriaId: "D6F24E40-F3F0-48F3-B3DC-5F98B0564F7A", versionStartIncluding: "1.6.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:simatic_logon:1.5:sp3_update_1:*:*:*:*:*:*", matchCriteriaId: "423359E5-9C36-4C6B-AB24-B030E6C61D53", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*", matchCriteriaId: "79EE15DC-74D3-4551-AAD0-EA0CB600DA76", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:simatic_wincc_telecontrol:-:*:*:*:*:*:*:*", matchCriteriaId: "F3169FD3-CBA2-417C-95EF-4F8AE9FAB5AD", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinec_nms:1.0:-:*:*:*:*:*:*", matchCriteriaId: "4ED13FC8-63C0-42C6-A51C-C480C45327C2", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinec_nms:1.0:sp1:*:*:*:*:*:*", matchCriteriaId: "E68FE047-8F53-46B8-82D4-9342B1C8CA55", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinec_pni:-:*:*:*:*:*:*:*", matchCriteriaId: "1353DC31-FB12-427A-B1B2-9164A4BEE14B", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*", matchCriteriaId: 
"B0A5CC25-A323-4D49-8989-5A417D12D646", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinema_server:14.0:sp1:*:*:*:*:*:*", matchCriteriaId: "A690BCD3-6497-43F7-8A51-E033B9121DC8", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinema_server:14.0:sp2:*:*:*:*:*:*", matchCriteriaId: "AA375D44-ECC5-4BD3-A3D5-6D2AA68782D5", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinema_server:14.0:sp2_update1:*:*:*:*:*:*", matchCriteriaId: "6CD26C73-B61F-424B-91C2-352E2CAE6666", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinema_server:14.0:sp2_update2:*:*:*:*:*:*", matchCriteriaId: "DB4EA15F-ECA4-477F-948F-490FC90BC66A", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinumerik_opc_ua_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ABA14E65-214C-431D-A49A-D8FC142D4541", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tia_administrator:*:*:*:*:*:*:*:*", matchCriteriaId: "915B09CB-CA0A-445B-89D3-16AE9B08858E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "25A3180B-21AF-4010-9DAB-41ADFD2D8031", versionEndIncluding: "10.12.0", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "43B199B4-D89C-483D-ACAE-6CB2A59EE67C", versionEndIncluding: "10.24.0", versionStartIncluding: "10.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "564ED5C8-50D7-413A-B88E-E62B6C07336A", versionEndIncluding: "12.12.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: 
"3DEBF7C8-B000-47B9-B597-DC440F2603B3", versionEndExcluding: "12.22.1", versionStartIncluding: "12.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "428DCD7B-6F66-4F18-B780-5BD80143D482", versionEndIncluding: "14.14.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "380D03F3-6A7E-43A2-B002-FB2521FD3C58", versionEndExcluding: "14.16.1", versionStartIncluding: "14.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "3ED4D313-F372-4CC1-BE11-6BBA2F0E90E3", versionEndExcluding: "15.14.0", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).", }, { lang: "es", value: "Un servidor OpenSSL TLS puede cometer un fallo si un cliente envía un mensaje ClientHello de renegociación diseñado maliciosamente. 
Si una renegociación de TLSv1.2 ClientHello omite la extensión signature_algorithms (donde estaba presente en el ClientHello inicial), pero incluye una extensión signature_algorithms_cert, se producirá una desreferencia del puntero NULL, lo que conllevará un bloqueo y un ataque de denegación de servicio. Un servidor solo es vulnerable si tiene TLSv1.2 y la renegociación habilitada (que es la configuración predeterminada). Los clientes de OpenSSL TLS no están afectados por este problema. Todas las versiones de OpenSSL versión 1.1.1 están afectadas por este problema. Los usuarios de estas versiones deben actualizar a OpenSSL versión 1.1.1k. OpenSSL versión 1.0.2 no está afectado por este problema. Corregido en OpenSSL versión 1.1.1k (Afectadas versiones 1.1.1-1.1.1j)", }, ], id: "CVE-2021-3449", lastModified: "2024-11-21T06:21:33.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-25T15:15:13.450", references: [ { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://www.openwall.com/lists/oss-security/2021/03/27/1", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/03/27/2", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/03/28/3", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/03/28/4", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10356", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", }, { source: 
"openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202103-03", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210326-0006/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210513-0002/", }, { source: "openssl-security@openssl.org", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4875", }, { source: "openssl-security@openssl.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20210325.txt", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-05", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-06", }, { source: 
"openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-09", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/03/27/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/03/27/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/03/28/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/03/28/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10356", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202103-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210326-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210513-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4875", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20210325.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-10", }, ], sourceIdentifier: "openssl-security@openssl.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*", matchCriteriaId: "E3B8B378-3211-4E63-873D-A05574B39E14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "84457AF5-BF82-449E-8576-F34DD338BBE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update_251:*:*:*:*:*:*", matchCriteriaId: "8F257E03-5BA1-4743-983A-6C08F8572FFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update_241:*:*:*:*:*:*", matchCriteriaId: "C49049F7-8BA7-4787-8C55-CABFAB6BC0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6E5E08E5-823D-4F57-BA0A-603F8E680419", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89D95157-3487-4421-A5E3-801B987625B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "A8ADAA7A-7951-40D7-B1B1-78944D954209", versionEndIncluding: "11.0.6", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA", versionEndIncluding: "13.0.2", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: 
"AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: 
"72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: 
"AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: 
"59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: 
"0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: 
"78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: 
"E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*", matchCriteriaId: "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", 
matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", 
vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito requieren una interacción humana de una persona diferente del atacante y, aunque la vulnerabilidad se encuentra en Java SE, Java SE Embedded, los ataques pueden afectar significativamente a productos adicionales. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start dentro del sandbox o applets de Java dentro del sandbox, que cargan y ejecutan código no confiable (por ejemplo, código que proviene de Internet) y confían en el sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a las implementaciones de Java, comúnmente en servidores, que cargan y ejecutan solo código confiable (por ejemplo, código instalado por un administrador). CVSS 3.0 Puntuación Base 8.3 (Impactos de la confidencialidad, la integridad y la disponibilidad). 
Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], id: "CVE-2020-2805", lastModified: "2024-11-21T05:26:19.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 6, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T14:15:28.437", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "secalert_us@oracle.com", tags: [ "Third 
Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: 
"secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Severity
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*", matchCriteriaId: "E3B8B378-3211-4E63-873D-A05574B39E14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "84457AF5-BF82-449E-8576-F34DD338BBE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update_251:*:*:*:*:*:*", matchCriteriaId: "8F257E03-5BA1-4743-983A-6C08F8572FFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update_241:*:*:*:*:*:*", matchCriteriaId: "C49049F7-8BA7-4787-8C55-CABFAB6BC0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6E5E08E5-823D-4F57-BA0A-603F8E680419", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89D95157-3487-4421-A5E3-801B987625B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "A8ADAA7A-7951-40D7-B1B1-78944D954209", versionEndIncluding: "11.0.6", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA", versionEndIncluding: "13.0.2", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: 
"AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: 
"72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: 
"AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: 
"59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: 
"0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: 
"78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: 
"E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*", matchCriteriaId: "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", 
matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", 
vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito requieren una interacción humana de una persona diferente del atacante y, aunque la vulnerabilidad se encuentra en Java SE, Java SE Embedded, los ataques pueden afectar significativamente a productos adicionales. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start dentro del sandbox o applets de Java dentro del sandbox, que cargan y ejecutan código no confiable (por ejemplo, código que proviene de Internet) y confían en el sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a las implementaciones de Java, comúnmente en servidores, que cargan y ejecutan solo código confiable (por ejemplo, código instalado por un administrador). CVSS 3.0 Puntuación Base 8.3 (Impactos de la confidencialidad, la integridad y la disponibilidad). 
Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], id: "CVE-2020-2803", lastModified: "2024-11-21T05:26:18.833", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 6, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T14:15:28.280", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "secalert_us@oracle.com", tags: [ "Third 
Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: 
"secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-09 07:15
Modified
2024-11-21 07:28
Severity ?
Summary
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
python | python | * | |
python | python | * | |
python | python | * | |
python | python | * | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
fedoraproject | fedora | 37 | |
netapp | active_iq_unified_manager | - | |
netapp | active_iq_unified_manager | - | |
netapp | e-series_performance_analyzer | - | |
netapp | element_software | - | |
netapp | hci | - | |
netapp | management_services_for_element_software | - | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | bootstrap_os | - | |
netapp | hci_compute_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "20A23D09-CFA7-4028-A5E9-7AD784C2B9D8", versionEndIncluding: "3.7.15", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "9E43ADF1-EABE-45A4-96BE-F1E018ADAEE3", versionEndIncluding: "3.8.15", versionStartIncluding: "3.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "0FB09E1E-A9D2-494E-9481-1BBA00D3CFEC", versionEndIncluding: "3.9.15", versionStartIncluding: "3.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "2415C537-F33F-496E-BD1C-65887C29FA0B", versionEndIncluding: "3.10.8", versionStartIncluding: "3.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:-:*:*:*:*:*:*", matchCriteriaId: "E533460B-E5D6-4C30-A36B-15E2DDF4121C", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "514A577E-5E60-40BA-ABD0-A8C5EB28BD90", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*", matchCriteriaId: "83B71795-9C81-4E5F-967C-C11808F24B05", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*", matchCriteriaId: "3F6F71F3-299E-4A4B-ADD1-EAD5A1D433E2", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*", matchCriteriaId: "D9BBF4E9-EA54-41B5-948E-8E3D2660B7EF", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*", matchCriteriaId: "AEBFDCE7-81D4-4741-BB88-12C704515F5C", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*", matchCriteriaId: "156EB4C2-EFB7-4CEB-804D-93DB62992A63", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*", matchCriteriaId: "8CC972AE-16A8-4B74-A3E7-36BCDD7C1ED3", vulnerable: true, }, { criteria: 
"cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*", matchCriteriaId: "554015CB-0325-438B-8C11-0F85F54ABC50", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*", matchCriteriaId: "8037C129-0030-455E-A359-98E14D1498D4", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:*", matchCriteriaId: "7C3DC43B-72CC-4FC5-8072-F051FB47F6D1", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:beta4:*:*:*:*:*:*", matchCriteriaId: "6657ED60-908B-48E6-B95B-572E57CFBB69", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*", matchCriteriaId: "1EF628A1-82F5-403C-B527-388C13507CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:rc1:*:*:*:*:*:*", matchCriteriaId: "3055A198-13F8-42C0-8FD7-316AA8984A8A", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:rc2:*:*:*:*:*:*", matchCriteriaId: "03591292-46A3-4F6C-9DC6-4C7BFC4C8743", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", 
vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", matchCriteriaId: "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "86B51137-28D9-41F2-AFA2-3CC22B4954D1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", }, { lang: "es", value: "Se descubrió un problema en Python antes de la versión 3.11.1. 
Existe un algoritmo cuadrático innecesario en una ruta cuando se procesan algunas entradas al decodificador IDNA (RFC 3490), de modo que un nombre elaborado e irrazonablemente largo que se presente al decodificador podría provocar una denegación de servicio de la CPU. Los nombres de host suelen ser proporcionados por servidores remotos que podrían estar controlados por un actor malicioso; en tal escenario, podrían desencadenar un consumo excesivo de CPU en el cliente que intenta hacer uso de un supuesto nombre de host proporcionado por el atacante. Por ejemplo, el payload del ataque podría colocarse en el encabezado Ubicación de una respuesta HTTP con el código de estado 302. Está prevista una solución en 3.11.1, 3.10.9, 3.9.16, 3.8.16 y 3.7.16.", }, ], id: "CVE-2022-45061", lastModified: "2024-11-21T07:28:42.067", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-09T07:15:09.887", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/python/cpython/issues/98433", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", }, { source: "cve@mitre.org", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", }, { 
source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", }, { source: "cve@mitre.org", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202305-02", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221209-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/python/cpython/issues/98433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202305-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221209-0007/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-407", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-15 18:15
Modified
2024-11-21 05:03
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Source | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | https://security.gentoo.org/glsa/202209-15 | Third Party Advisory | |
secalert_us@oracle.com | https://security.netapp.com/advisory/ntap-20200717-0005/ | Third Party Advisory | |
secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujul2020.html | Vendor Advisory | |
secalert_us@oracle.com | https://www.zerodayinitiative.com/advisories/ZDI-20-897/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202209-15 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200717-0005/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-897/ | Third Party Advisory, VDB Entry |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "FF39F7B1-6571-4BF6-A58F-4A6801636217", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "D2DD43D4-AF2E-41DF-90C0-F899C624430E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", 
matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: JavaFX). La versión compatible que está afectada es Java SE: 8u251. La vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso de red por medio de múltiples protocolos comprometer a Java SE. Los ataques con éxito requieren la interacción humana de una persona diferente del atacante y, aunque la vulnerabilidad se encuentra en Java SE, los ataques pueden afectar significativamente a productos adicionales. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets de Java en sandbox, que cargan y ejecutan código no confiable (por ejemplo, código que proviene de Internet) y confían en el sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a las implementaciones de Java, generalmente en servidores, que cargan y ejecutan solo código confiable (por ejemplo, código instalado por parte de un administrador). CVSS 3.1 Puntuación Base 8.3 (Impactos de la Confidencialidad, Integridad y Disponibilidad). 
Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)", }, ], id: "CVE-2020-14664", lastModified: "2024-11-21T05:03:50.127", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 6, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-07-15T18:15:31.333", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: 
"https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-897/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-897/", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*", matchCriteriaId: "E3B8B378-3211-4E63-873D-A05574B39E14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "84457AF5-BF82-449E-8576-F34DD338BBE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update251:*:*:*:*:*:*", matchCriteriaId: "221B755E-48C0-4530-AFBD-4B00CF6A696F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "27495366-B260-4F56-9BC2-9B862E7DCABC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6E5E08E5-823D-4F57-BA0A-603F8E680419", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89D95157-3487-4421-A5E3-801B987625B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "A8ADAA7A-7951-40D7-B1B1-78944D954209", versionEndIncluding: "11.0.6", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA", versionEndIncluding: "13.0.2", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: 
"AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: 
"72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: 
"AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: 
"59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: 
"0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: 
"78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: 
"E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*", matchCriteriaId: "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: 
"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "99BFD3EF-DAEC-47D2-A906-5C418DA9D1F6", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "23F6933C-6A56-42C2-BECA-AB2A013C173D", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:-:*:*:*:*:*:*", matchCriteriaId: "C2685FF4-8022-4D16-BC6C-F85508C9B9DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:hotfix1:*:*:*:*:*:*", matchCriteriaId: "290E71B0-8118-4F05-8CCB-3E952420E370", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:hotfix2:*:*:*:*:*:*", matchCriteriaId: "B91A378C-4F0C-43B8-9DA4-818ADD51C32E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:hotfix3:*:*:*:*:*:*", matchCriteriaId: "359D129D-8E7D-4EE1-9894-D35F9292459E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:-:*:*:*:*:*:*", matchCriteriaId: "22455AE9-D137-412F-855A-069478B73BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:hotfix1:*:*:*:*:*:*", matchCriteriaId: "E9518ACD-79E5-4FF4-9BB3-7D92E9B18D79", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:hotfix2:*:*:*:*:*:*", matchCriteriaId: "5B16EF24-B756-4FCC-9211-1D2E50863940", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:hotfix3:*:*:*:*:*:*", matchCriteriaId: "240238B8-B3BC-4DDB-A846-6193EA06D9A4", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.2.0:-:*:*:*:*:*:*", matchCriteriaId: "65418AD1-C8F4-4BC9-9B49-C2AE74922651", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.2.0:hotfix1:*:*:*:*:*:*", matchCriteriaId: "573B5699-CA26-47C6-A226-C7315A16C02E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.0:-:*:*:*:*:*:*", matchCriteriaId: "FB1A0CF4-67A6-4FCC-BD15-60D15C7AE403", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.0:hotfix1:*:*:*:*:*:*", matchCriteriaId: "F10CAF8F-8795-490B-B14D-868AEC34883C", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:-:*:*:*:*:*:*", matchCriteriaId: "29DB881A-6CB1-46FD-93F2-A4FD277B9132", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix1:*:*:*:*:*:*", matchCriteriaId: "C397BB56-6B67-4625-BACB-47C667FB0452", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix2:*:*:*:*:*:*", matchCriteriaId: "AA663385-DB25-4CD2-AC7D-FB501B37AFA4", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A0F26126-55C2-4E2E-A586-D93FF38ABF6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", 
matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", 
versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: JSSE). Las versiones compatibles que están afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad explotable fácilmente permite a un atacante no autenticado con acceso a la red por medio de HTTPS comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegación de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Se aplica a la implementación de cliente y servidor de Java. 
Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox. También puede ser explotada al proporcionar datos hacia las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuación Base 5.3 (Impactos de la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2020-2781", lastModified: "2024-11-21T05:26:15.350", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, 
], }, published: "2020-04-15T14:15:27.030", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: 
"https://www.debian.org/security/2020/dsa-4662", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party 
Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-15 17:15
Modified
2024-11-21 05:57
Severity ?
Summary
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | glib | * | |
gnome | glib | * | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
netapp | active_iq_unified_manager | - | |
netapp | cloud_backup | - | |
netapp | e-series_performance_analyzer | - | |
broadcom | brocade_fabric_operating_system_firmware | - | |
debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*", matchCriteriaId: "04BDBBFD-75D9-4681-9225-F38780B6757E", versionEndExcluding: "2.66.7", vulnerable: true, }, { criteria: "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*", matchCriteriaId: "AED4217E-24BB-43F3-B979-8077FDF50DA4", versionEndExcluding: "2.67.4", versionStartIncluding: "2.67.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. 
If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.", }, { lang: "es", value: "Se detectó un problema en GNOME GLib versiones anteriores a 2.66.7 y versiones 2.67.x anteriores a 2.67.4. Si se llamó a la función g_byte_array_new_take() con un búfer de 4 GB o más sobre una plataforma de 64 bits, la longitud debería ser truncada módulo 2**32, causando un truncamiento de la longitud no prevista", }, ], id: "CVE-2021-27218", lastModified: "2024-11-21T05:57:37.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-15T17:15:13.073", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944", }, { source: "cve@mitre.org", url: 
"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-13", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210319-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210319-0004/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-681", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-15 17:15
Modified
2024-11-21 05:25
Severity ?
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Source | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | https://security.gentoo.org/glsa/202006-22 | Third Party Advisory | |
secalert_us@oracle.com | https://security.gentoo.org/glsa/202209-15 | Third Party Advisory | |
secalert_us@oracle.com | https://security.netapp.com/advisory/ntap-20200122-0003/ | Third Party Advisory | |
secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujan2020.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202006-22 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202209-15 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200122-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2020.html | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*", matchCriteriaId: "8836399B-AA1F-45DB-A423-B41A93A14281", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update231:*:*:*:*:*:*", matchCriteriaId: "45E3A969-BFC2-45E2-B301-813E9335FC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", matchCriteriaId: "280520BC-070C-4423-A633-E6FE45E53D57", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "A0DA944C-4992-424D-BC82-474585DAC5DF", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: 
"5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: JavaFX). La versión compatible que está afectada es Java SE: 8u241. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE. 
Los ataques con éxito de esta vulnerabilidad pueden resultar en la creación, eliminación o modificación no autorizada del acceso a datos críticos o a todos los datos accesibles de Java SE. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox (en Java SE versión 8), que cargan y ejecutan código no confiable (por ejemplo, código que proviene de la Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de la API en el componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Puntaje Base 5.9 (Impactos en la Integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], id: "CVE-2020-2585", lastModified: "2024-11-21T05:25:38.217", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: 
"NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-15T17:15:19.287", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "84457AF5-BF82-449E-8576-F34DD338BBE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "27495366-B260-4F56-9BC2-9B862E7DCABC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6E5E08E5-823D-4F57-BA0A-603F8E680419", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89D95157-3487-4421-A5E3-801B987625B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "A8ADAA7A-7951-40D7-B1B1-78944D954209", versionEndIncluding: "11.0.6", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA", versionEndIncluding: "13.0.2", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: 
"1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: 
"D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: 
"7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: 
"FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: 
"BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: 
"F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: 
"02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*", matchCriteriaId: "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", 
matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "106FDF5A-D377-4E5F-8BF9-09290019C98A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*", 
matchCriteriaId: "D9EEA681-67FF-43B3-8610-0FA17FD279E5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*", matchCriteriaId: "C33BA8EA-793D-4E79-BE9C-235ACE717216", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Scripting). Las versiones compatibles que están afectadas son Java SE: 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegación de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Se aplica a la implementación de cliente y servidor de Java. 
Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox . También puede ser explotada al proporcionar datos a las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox , tal y como por medio de un servicio web. CVSS 3.0 Puntuación Base 3.7 (Impactos de la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2020-2755", lastModified: "2024-11-21T05:26:10.627", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, 
], }, published: "2020-04-15T14:15:25.420", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: 
"https://www.debian.org/security/2020/dsa-4668", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://usn.ubuntu.com/4337-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-04 09:15
Modified
2024-11-21 05:51
Severity
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
handlebarsjs | handlebars | * | |
netapp | e-series_performance_analyzer | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:handlebarsjs:handlebars:*:*:*:*:*:node.js:*:*", matchCriteriaId: "D57084A5-784A-4392-AF0D-6EB14CF4B573", versionEndExcluding: "4.7.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.", }, { lang: "es", value: "El package handlebars versiones anteriores a 4.7.7, son vulnerables a una Contaminación de Prototipos al seleccionar determinadas opciones de compilación para agrupar plantillas que provienen de una fuente no confiable", }, ], id: "CVE-2021-23383", lastModified: "2024-11-21T05:51:36.913", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.4, source: "report@snyk.io", type: 
"Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-04T09:15:07.753", references: [ { source: "report@snyk.io", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427", }, { source: "report@snyk.io", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210618-0007/", }, { source: "report@snyk.io", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031", }, { source: "report@snyk.io", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032", }, { source: "report@snyk.io", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030", }, { source: "report@snyk.io", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210618-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", 
"Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029", }, ], sourceIdentifier: "report@snyk.io", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1321", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Severity
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*", matchCriteriaId: "E3B8B378-3211-4E63-873D-A05574B39E14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "84457AF5-BF82-449E-8576-F34DD338BBE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update_251:*:*:*:*:*:*", matchCriteriaId: "8F257E03-5BA1-4743-983A-6C08F8572FFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update_241:*:*:*:*:*:*", matchCriteriaId: "C49049F7-8BA7-4787-8C55-CABFAB6BC0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6E5E08E5-823D-4F57-BA0A-603F8E680419", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89D95157-3487-4421-A5E3-801B987625B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "A8ADAA7A-7951-40D7-B1B1-78944D954209", versionEndIncluding: "11.0.6", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA", versionEndIncluding: "13.0.2", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: 
"AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: 
"72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: 
"AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: 
"59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: 
"0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: 
"78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: 
"E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*", matchCriteriaId: "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", 
matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", 
vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Lightweight HTTP Server). Las versiones compatibles que están afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, Java SE Embedded, así como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad solo puede ser explotada al proporcionar datos a las API en el Componente especificado sin utilizar aplicaciones Java Web Start No Confiables o applets Java No Confiables, tal y como por medio de un servicio web. CVSS 3.0 Puntuación Base 4.8 (Impactos de la confidencialidad y la integridad). 
Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], id: "CVE-2020-2800", lastModified: "2024-11-21T05:26:18.180", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T14:15:28.060", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: 
"secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-13 22:15
Modified
2024-11-21 07:03
Severity
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.
References
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/grafana/grafana/releases/tag/v9.1.8 | Release Notes, Third Party Advisory | |
security-advisories@github.com | https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8 | Patch, Third Party Advisory | |
security-advisories@github.com | https://security.netapp.com/advisory/ntap-20221124-0002/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/grafana/grafana/releases/tag/v9.1.8 | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221124-0002/ | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "FDAE1A84-3ACC-4651-9FF8-B73F958DC2AC", versionEndExcluding: "8.5.14", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "E8E1ACC7-F43B-4395-A1FD-44CAEB43430D", versionEndExcluding: "9.1.8", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.", }, { lang: "es", value: "Grafana es una plataforma de código abierto de observabilidad y visualización de datos. Las versiones anteriores a 9.1.8 y 8.5.14, son vulnerables a una omisión en la verificación de la firma del plugin. Un atacante puede convencer a un administrador del servidor para que descargue y ejecute con éxito un plugin malicioso a pesar de que los plugins sin firma no están permitidos. Las versiones 9.1.8 y 8.5.14 contienen un parche para este problema. 
Como mitigación, no instale plugins descargados de fuentes no confiables", }, ], id: "CVE-2022-31123", lastModified: "2024-11-21T07:03:56.640", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.5, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-13T22:15:10.050", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/releases/tag/v9.1.8", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221124-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/releases/tag/v9.1.8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221124-0002/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-347", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-21 14:15
Modified
2024-11-21 05:11
Severity
Summary
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "90907017-473C-48CA-9441-DAFAF5F81049", versionEndIncluding: "1.1.1f", versionStartIncluding: "1.1.1d", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*", matchCriteriaId: "BD730B6A-F123-4685-ACB3-4F20AAAB77F3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_server:12.1.3:*:*:*:*:*:*:*", matchCriteriaId: "CDD7E6AC-A613-4938-91D1-402DA2038875", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F87918FE-62C0-4DC5-8894-847DFB5B7E5F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: 
"61516569-C48F-4362-B334-8CA10EDB0EC2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", matchCriteriaId: "0B1CAD50-749F-4ADB-A046-BF3585677A58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", matchCriteriaId: "C6C5EC81-F74A-4280-A041-EC5EE36D0919", versionEndIncluding: "5.6.48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", matchCriteriaId: "E1A68EF8-15AA-42A7-9734-6F9470EB35CD", versionEndIncluding: "5.7.30", versionStartIncluding: "5.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", matchCriteriaId: "0E1A3769-E443-4511-B349-B5304F5E6EBD", versionEndIncluding: "8.0.20", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", matchCriteriaId: "7F198EB3-A3AB-42EA-BF3A-D8BB4D9210EE", versionEndIncluding: "8.0.20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "9A3BBE71-CA00-4F54-9210-FC7572C87CFB", versionEndIncluding: "4.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "73573516-EDA0-4176-A3ED-2F7006C87F8E", versionEndIncluding: "8.0.20", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "9E07B577-50FE-43B4-8AAD-4C267A494A36", versionEndIncluding: "8.0.21", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", matchCriteriaId: "C8AF00C6-B97F-414D-A8DF-057E6BFD8597", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "046FB51E-B768-44D3-AEB5-D857145CA840", vulnerable: true, }, ], negate: false, 
operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jdedwards:enterpriseone:*:*:*:*:*:*:*:*", matchCriteriaId: "0E4475E9-FF6F-4B94-8989-D8E2EB69F782", versionEndExcluding: "9.2.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "4ACF85D6-6B45-43DA-9C01-F0208186F014", versionEndExcluding: "6.0.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).", }, { lang: "es", value: "Las aplicaciones de Servidor o Cliente que llaman a la función SSL_check_chain() durante o después del protocolo de enlace de TLS versión 1.3, puede bloquear debido a una desreferencia del puntero NULL como resultado de un manejo incorrecto de la extensión TLS \"signature_algorithms_cert\". El bloqueo ocurre si se recibe un algoritmo de firma no comprobada o ni reconocido del peer. Esto podría ser explotado por un peer malicioso en un ataque de Denegación de Servicio. 
OpenSSL versiones 1.1.1d, 1.1.1e y 1.1.1f están afectadas por este problema. Este problema no afectaba a OpenSSL versiones anteriores a la versión 1.1.1d. Corregido en OpenSSL versión 1.1.1g (Afectado en la versión 1.1.1d-1.1.1f).", }, ], id: "CVE-2020-1967", lastModified: "2024-11-21T05:11:45.023", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-21T14:15:11.287", references: [ { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://seclists.org/fulldisclosure/2020/May/5", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/04/22/2", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1", }, { source: "openssl-security@openssl.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/irsl/CVE-2020-1967", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440", }, { source: "openssl-security@openssl.org", url: "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E", }, { source: "openssl-security@openssl.org", url: "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E", }, { source: "openssl-security@openssl.org", url: "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: 
"https://security.gentoo.org/glsa/202004-10", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200424-0003/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0004/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4661", }, { source: "openssl-security@openssl.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20200421.txt", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_20_05", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-03", }, { source: "openssl-security@openssl.org", tags: [ 
"Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-04", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-11", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/May/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/04/22/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/irsl/CVE-2020-1967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202004-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200424-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4661", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20200421.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_20_05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-10", }, ], sourceIdentifier: "openssl-security@openssl.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-15 17:15
Modified
2024-11-21 05:25
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*", matchCriteriaId: "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*", matchCriteriaId: "8836399B-AA1F-45DB-A423-B41A93A14281", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "89175649-A3CE-4A15-B875-C93D289F8307", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "665B33FE-52FE-4E17-8A80-D61656C49900", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:*", matchCriteriaId: "405536FF-8BB9-4926-97E3-61BAA3A75E08", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:*", matchCriteriaId: "52496989-B639-4E8E-8319-D5D9FE5B30DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A7FB7666-E40E-45A6-9F87-A51B9D7E8EBB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4BF92693-510C-48A4-ABFC-AD975DB971CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*", matchCriteriaId: "465CFA59-8E94-415A-ACF0-E678826813BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*", matchCriteriaId: "85BDC28A-484B-4D14-8D68-890450DCE3F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "635DEFDD-4840-48C6-AB1C-ADAFF4A1E50C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*", matchCriteriaId: "40A221DB-1684-4C87-B576-0969FE13E1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DE6A1B86-3688-4A13-AB37-DBD0DA323202", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "17E0085B-4748-4F79-BEF6-CD9C3D2E6FE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*", matchCriteriaId: "FD3A4AFB-8D76-4B16-A306-2A10F23E51EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1704C904-6E0A-4972-BC94-326D8BC6315A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: 
"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "106FDF5A-D377-4E5F-8BF9-09290019C98A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: 
"BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*", matchCriteriaId: "3275348E-0FAF-4DC1-94A6-B53014659D49", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). 
Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Networking). Las versiones compatibles que están afectadas son Java SE: 7u241, 8u231, 11.0.5 y 13.0.1; Java SE Embedded: 8u231. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, Java SE Embedded, así como también en el acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded. 
Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox (en Java SE versión 8), que cargan y ejecutan código no seguro (por ejemplo, código que proviene de la Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de la API en el componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Puntuación Base 4.8 (Impactos en la Confidencialidad e Integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], id: "CVE-2020-2593", lastModified: "2024-11-21T05:25:40.017", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: 
"NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-15T17:15:19.817", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: 
"https://access.redhat.com/errata/RHSA-2020:0469", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], 
url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-15 12:15
Modified
2024-11-21 07:03
Severity
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Summary
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "38231605-A82E-4D32-893D-69A2FE01F808", versionEndExcluding: "8.3.10", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "A5136FB0-D7F8-4BDD-9C70-CB2648065A1F", versionEndExcluding: "8.4.10", versionStartIncluding: "8.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "7C2FAADE-D9EA-431C-ACFA-9F846F14B5A2", versionEndExcluding: "8.5.9", versionStartIncluding: "8.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "A29E8B3E-D3A9-49A4-ABCD-4E87F8B527DD", versionEndExcluding: "9.0.3", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.", }, { lang: "es", value: "Grafana es una plataforma de código abierto para la monitorización y la observación. Las versiones de la rama 8.x y 9.x anteriores a 9.0.3, 8.5.6, 8.4.10 y 8.3.10, son vulnerables a un ataque de tipo cross-site scripting almacenado por medio de la función Unified Alerting de Grafana. 
Un atacante puede explotar esta vulnerabilidad para escalar el privilegio de editor a administrador al engañar a un administrador autenticado para que haga clic en un enlace. Las versiones 9.0.3, 8.5.6, 8.4.10 y 8.3.10 contienen un parche. Como mitigación, es posible deshabilitar las alertas o usar las alertas heredadas", }, ], id: "CVE-2022-31097", lastModified: "2024-11-21T07:03:53.317", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.2, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 5.8, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-15T12:15:08.903", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9/", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3/", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: 
"https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220901-0010/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220901-0010/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-02 15:15
Modified
2024-11-21 05:56
Severity
Summary
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jonschlinkert/merge-deep/commit/11e5dd56de8a6aed0b1ed022089dbce6968d82a5 | Patch, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210716-0008/ | Third Party Advisory | |
cve@mitre.org | https://securitylab.github.com/advisories/GHSL-2020-160-merge-deep/ | Third Party Advisory | |
cve@mitre.org | https://www.npmjs.com/package/merge-deep | Product, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jonschlinkert/merge-deep/commit/11e5dd56de8a6aed0b1ed022089dbce6968d82a5 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210716-0008/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://securitylab.github.com/advisories/GHSL-2020-160-merge-deep/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.npmjs.com/package/merge-deep | Product, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
merge-deep_project | merge-deep | * | |
netapp | e-series_performance_analyzer | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:merge-deep_project:merge-deep:*:*:*:*:*:node.js:*:*", matchCriteriaId: "8EBEF8AD-E84F-4EC1-9078-75BE5190A75B", versionEndExcluding: "3.0.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.", }, { lang: "es", value: "La biblioteca merge-deep versiones anteriores a 3.0.3, para Node.js puede ser engañado para sobrescribir propiedades de Object.prototype o añadirle nuevas propiedades. 
Estas propiedades son heredadas por todos los objetos del programa, facilitando así los ataques de contaminación de prototipos contra las aplicaciones que usan esta biblioteca", }, ], id: "CVE-2021-26707", lastModified: "2024-11-21T05:56:42.723", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-02T15:15:07.787", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jonschlinkert/merge-deep/commit/11e5dd56de8a6aed0b1ed022089dbce6968d82a5", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210716-0008/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://securitylab.github.com/advisories/GHSL-2020-160-merge-deep/", }, { source: "cve@mitre.org", tags: [ "Product", "Third Party Advisory", ], url: "https://www.npmjs.com/package/merge-deep", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/jonschlinkert/merge-deep/commit/11e5dd56de8a6aed0b1ed022089dbce6968d82a5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210716-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://securitylab.github.com/advisories/GHSL-2020-160-merge-deep/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Third Party Advisory", ], url: "https://www.npmjs.com/package/merge-deep", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1321", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-07 22:15
Modified
2025-02-12 17:36
Severity
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
certifi | certifi | * | |
netapp | e-series_performance_analyzer | - | |
netapp | management_services_for_element_software | - | |
netapp | management_services_for_netapp_hci | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:certifi:certifi:*:*:*:*:*:python:*:*", matchCriteriaId: "A9A9E60B-C4BA-4FA7-9EDF-26C0F2433F5D", versionEndExcluding: "2022.12.7", versionStartIncluding: "2017.11.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "86B51137-28D9-41F2-AFA2-3CC22B4954D1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*", matchCriteriaId: "4455CF3A-CC91-4BE4-A7AB-929AC82E34F5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.", }, { lang: "es", value: "Certifi es una colección seleccionada de Root Certificates para validar la confiabilidad de los certificados SSL mientras se verifica la identidad de los hosts TLS. Certifi 2022.12.07 elimina los certificados raíz de \"TrustCor\" del almacén raíz. Estos están en proceso de ser eliminados del almacén de confianza de Mozilla. 
Los certificados raíz de TrustCor se están eliminando de conformidad con una investigación impulsada por los medios de comunicación que informaron que la propiedad de TrustCor también operaba un negocio que producía software espía. Las conclusiones de la investigación de Mozilla se pueden encontrar en el grupo de discusión de Google vinculado.", }, ], id: "CVE-2022-23491", lastModified: "2025-02-12T17:36:19.373", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-07T22:15:09.870", references: [ { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", 
"Third Party Advisory", ], url: "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230223-0010/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-345", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-345", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-01 15:15
Modified
2024-11-21 05:59
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "A69D5FF1-A151-4AF6-B5E6-35EB45DC1852", versionEndExcluding: "9.4.39", versionStartIncluding: "7.2.2", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "3008A0E3-FBFC-49AA-8867-16BD10B125DB", versionEndExcluding: "10.0.2", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "1B8688FE-13CC-4598-913D-50EB38DDCBEC", versionEndExcluding: "11.0.2", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "4479F76A-4B67-41CC-98C7-C76B81050F8E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "19EEAA04-A7BD-4FFF-8B0B-CEE5EC09F75C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F80CB000-C477-486C-838C-B2FE82647670", versionEndIncluding: "8.2.4.0", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "349C4D65-23E9-446A-8A36-94FF55686812", versionEndIncluding: "8.2.4.0", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B5E43770-8F83-4077-9EB0-3BF4A19A2E75", versionEndExcluding: "21.3", vulnerable: 
true, }, { criteria: "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "BEAB4771-C33C-4151-AEAE-A6D2C892C3C8", versionEndIncluding: "21.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "8E071B1A-A339-4622-9150-59F62B151353", versionEndExcluding: "2.277.3", vulnerable: true, }, { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "EB777690-DCA0-4E68-B30E-E997A1281D4E", versionEndExcluding: "2.286", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C30E9A12-5B7B-42F6-B9D3-18DA133E5F4E", versionEndExcluding: "3.9.8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "CC05F69D-6C6B-472D-87B7-84231F14CA8B", versionEndExcluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "D179365A-1E70-4B07-B882-FD082FE2AA58", versionEndExcluding: "11.70.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage:*:*:*:*:*:vcenter:*:*", matchCriteriaId: "3930F108-9019-4B4A-8918-6CE9F58551D2", versionEndExcluding: "1.10", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "FCB4EAC3-3114-43DF-89DA-879C7C578FB4", versionEndExcluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_tools:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "E28AE83F-D666-4EDC-A276-F78F3A73D716", versionEndExcluding: "9.10", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:santricity_web_services_proxy:*:*:*:*:*:*:*:*", matchCriteriaId: "A21FA571-8C10-4633-802D-6C20A8290145", versionEndExcluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*", matchCriteriaId: "04A544A2-C80D-488B-AC04-104F9FB3FA85", versionEndExcluding: "4.6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "20E0A1CE-7467-4EAC-877D-D6D473AE0AA2", versionEndExcluding: "9.10", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", matchCriteriaId: "8BC51CBC-4973-4145-945C-56035034D772", versionEndExcluding: "9.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.", }, { lang: "es", value: "En Eclipse Jetty versiones 7.2.2 hasta 9.4.38, versiones 10.0.0.alpha0 hasta 10.0.1 y versiones 11.0.0.alpha0 hasta 11.0.1, el uso de CPU puede alcanzar el 100% al recibir una gran trama TLS no válida.", }, ], id: "CVE-2021-28165", lastModified: "2024-11-21T05:59:13.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", 
confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "emo@eclipse.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-01T15:15:14.237", references: [ { source: "emo@eclipse.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/04/20/3", }, { source: "emo@eclipse.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a%40%3Cissues.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: 
"https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78%40%3Ccommits.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf%40%3Creviews.spark.apache.org%3E", }, { source: 
"emo@eclipse.org", url: "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b%40%3Cdev.hbase.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155%40%3Ccommits.pulsar.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959%40%3Cdev.zookeeper.apache.org%3E", 
}, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7%40%3Cdev.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7%40%3Cdev.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: 
"https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da%40%3Cissues.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81%40%3Cissues.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc%40%3Ccommits.pulsar.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da%40%3Creviews.spark.apache.org%3E", }, { source: 
"emo@eclipse.org", url: "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913%40%3Cissues.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424%40%3Cissues.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: 
"https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825%40%3Cjira.kafka.apache.org%3E", }, 
{ source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f%40%3Ccommits.pulsar.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97%40%3Ccommits.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa%40%3Cissues.hbase.apache.org%3E", }, { source: "emo@eclipse.org", url: 
"https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1%40%3Ccommits.hbase.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e%40%3Cdev.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed%40%3Ccommits.pulsar.apache.org%3E", }, 
{ source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743%40%3Creviews.spark.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { source: "emo@eclipse.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4949", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "emo@eclipse.org", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/04/20/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78%40%3Ccommits.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b%40%3Cdev.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97%40%3Ccommits.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa%40%3Cissues.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1%40%3Ccommits.hbase.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743%40%3Creviews.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4949", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "emo@eclipse.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, { lang: "en", value: "CWE-551", }, ], source: "emo@eclipse.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-08 21:15
Modified
2024-11-21 06:45
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "7E542A7D-ABD6-401A-B091-9B51E458236A", versionEndExcluding: "7.5.15", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "16145A8D-9FF1-4EEE-8E29-198B408582B8", versionEndExcluding: "8.3.5", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:5.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "9109F31C-C109-48D0-A928-D5E61B6A9547", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:5.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "60242F49-9899-4B4A-BD2B-99EF2B7DD22F", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:5.0.0:beta3:*:*:*:*:*:*", matchCriteriaId: "98551C43-BD4C-40CD-92C5-6A3005022CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:5.0.0:beta4:*:*:*:*:*:*", matchCriteriaId: "E76F5633-7F85-4162-BA13-6F1D887ECE83", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:5.0.0:beta5:*:*:*:*:*:*", matchCriteriaId: "FF03FBD9-5AA0-4171-9EC7-84BFBCBE48D4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "CC05F69D-6C6B-472D-87B7-84231F14CA8B", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: 
"Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", }, { lang: "es", value: "Grafana es una plataforma de código abierto para la monitorización y la observabilidad. Las versiones afectadas de Grafana exponen varios endpoints de la API que no manejan apropiadamente la autorización del usuario. El punto API \"/teams/:teamId\" permitirá a un atacante autenticado visualizar datos no deseados al consultar por el ID del equipo específico, \"/teams/:search\" permitirá a un atacante autenticado buscar equipos y visualizar el número total de equipos disponibles, incluyendo aquellos equipos a los que el usuario no presenta acceso, y \"/teams/:teamId/members\" cuando el flag editors_can_admin está habilitada, un atacante autenticado puede visualizar datos no deseados al consultar por el ID del equipo específico. Se recomienda a usuarios actualizar lo antes posible. 
No hay medidas de mitigación adicionales conocidas para este problema", }, ], id: "CVE-2022-21713", lastModified: "2024-11-21T06:45:17.460", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-08T21:15:20.223", references: [ { source: "security-advisories@github.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/pull/45083", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", }, { source: 
"security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/pull/45083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-639", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-17 13:15
Modified
2025-04-03 20:28
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
References
Impacted products
{ cisaActionDue: "2022-06-10", cisaExploitAdd: "2021-12-10", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Linux Kernel Improper Privilege Management Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "AA88B130-CD8A-4E14-A1F5-4D1DB031D60E", versionEndExcluding: "3.16.71", versionStartIncluding: "3.16.52", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "CD709672-0E6A-4086-8700-B6C2FDD8599C", versionEndExcluding: "4.2", versionStartIncluding: "4.1.39", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "19FB5FC5-740B-418F-B83A-3EA6095270C0", versionEndExcluding: "4.4.185", versionStartIncluding: "4.4.40", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "66431BA1-01B5-476A-B483-AE4E7B830BA7", versionEndExcluding: "4.9", versionStartIncluding: "4.8.16", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8A719867-AEB7-4E95-A1DE-B96EA092D9FE", versionEndExcluding: "4.9.185", versionStartIncluding: "4.9.1", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "00D95A2F-5B17-46D9-80D7-2E0D1779C2CE", versionEndExcluding: "4.14.133", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F921620B-E2A7-421F-8C89-016C51723C17", versionEndExcluding: "4.19.58", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "7049E422-0D4B-45FD-8B06-04BACD44A66E", versionEndExcluding: "5.1.17", versionStartIncluding: "4.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", 
matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", matchCriteriaId: "B3293E55-5506-4587-A318-D1734F781C09", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:7.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "AA559D29-DF65-48AF-96DB-D20A50474758", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2148300C-ECBD-4ED5-A164-79629859DD43", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*", matchCriteriaId: "CBF9BCF3-187F-410A-96CA-9C47D3ED6924", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*", matchCriteriaId: "782C86CD-1B68-410A-A096-E5170AD24DA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "77C61DDC-81F3-4E2D-9CAA-17A256C85443", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "B6B0DA79-DF12-4418-B075-F048C9E2979A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6D5DE3C5-B090-4CE7-9AF2-DEB379D7D5FC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "DF7275A1-8853-469E-939B-7533E9E8C499", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B92409A9-0D6B-4B7E-8847-1B63837D201F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "C5C5860E-9FEB-4259-92FD-A85911E2F99E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "CCE99A08-D6F7-4937-8154-65062BC88009", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "665DF1D3-EB88-4A17-B888-3B3CE298269B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", matchCriteriaId: "146A767F-DC04-454B-9913-17D3A2B5AAA4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: 
"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.", }, { lang: "es", value: "En el kernel de Linux anterior a versión 5.1.17, ptrace_link en el archivo kernel/ptrace.c maneja inapropiadamente la grabación de las credenciales de un proceso que desea crear una relación de ptrace, que permite a los usuarios locales obtener acceso de root aprovechando determinados escenarios con un relación de proceso padre-hijo, donde un padre elimina los privilegios y llama a execve (permitiendo potencialmente el control por parte de un atacante). Un factor que contribuye es un problema de vida útil del objeto (que también puede causar un pánico). Otro factor que contribuye es el marcado incorrecto de una relación de ptrace como privilegiada, que puede ser explotada mediante (por ejemplo) el ayudante pkexec de Polkit con PTRACE_TRACEME. 
NOTA: deny_ptrace de SELinux puede ser una solución útil en algunos entornos.", }, ], id: "CVE-2019-13272", lastModified: "2025-04-03T20:28:35.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-07-17T13:15:10.687", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: 
"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/33", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91025336", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4093-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4094-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4095-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4117-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4118-1/", }, { 
source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: 
"https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/33", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://security.netapp.com/advisory/ntap-20190806-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91025336", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4093-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4094-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4095-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4117-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4118-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4484", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-15 18:15
Modified
2024-11-21 05:03
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | jdk | 1.7.0 | |
oracle | jdk | 1.8.0 | |
oracle | jdk | 11.0.7 | |
oracle | jdk | 14.0.1 | |
oracle | jre | 1.8.0 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 20.04 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 11.0 | |
netapp | 7-mode_transition_tool | - | |
netapp | active_iq_unified_manager | * | |
netapp | active_iq_unified_manager | * | |
netapp | cloud_backup | - | |
netapp | cloud_secure_agent | - | |
netapp | e-series_performance_analyzer | - | |
netapp | e-series_santricity_os_controller | * | |
netapp | e-series_santricity_web_services | - | |
netapp | oncommand_insight | - | |
netapp | oncommand_workflow_automation | - | |
netapp | santricity_unified_manager | - | |
netapp | snapmanager | - | |
netapp | snapmanager | - | |
netapp | steelstore_cloud_integrated_storage | - | |
netapp | storagegrid | * | |
netapp | storagegrid | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*", matchCriteriaId: "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "FF39F7B1-6571-4BF6-A58F-4A6801636217", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8D034E25-195A-4926-9FEC-A2B9F01E0CFC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "D2DD43D4-AF2E-41DF-90C0-F899C624430E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { 
cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: 
"5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: JSSE). Las versiones compatibles que están afectadas son Java SE: 7u261, 8u251, 11.0.7 y 14.0.1; Java SE Embedded: 8u251. La vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso de red por medio de TLS comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded. Nota: Aplica a la implementación del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start en sandbox y applets de Java en sandbox. También puede ser explotada mediante el suministro de datos a las API en el Componente especificado sin utilizar aplicaciones de Java Web Start en sandbox o applets de Java en sandbox, como por medio de un servicio web. CVSS 3.1 Puntuación Base 3.7 (Impactos de la Confidencialidad). 
Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)", }, ], id: "CVE-2020-14577", lastModified: "2024-11-21T05:03:35.407", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-07-15T18:15:23.753", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { source: "secalert_us@oracle.com", tags: [ 
"Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4433-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4433-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, 
{ source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-19 21:15
Modified
2024-11-21 05:47
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In versions before 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc.), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
schema-inspector_project | schema-inspector | * | |
netapp | e-series_performance_analyzer | - | |
netapp | oncommand_insight | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:schema-inspector_project:schema-inspector:*:*:*:*:*:node.js:*:*", matchCriteriaId: "D161AA96-06D3-4764-9274-A3BD6FC67DEC", versionEndExcluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS.", }, { lang: "es", value: "Schema-Inspector es una herramienta de código abierto para sanear y comprobar objetos JS (el inspector de esquema del paquete npm). versiones anteriores a 2.0.0, la comprobación de la dirección de correo electrónico es vulnerable a un ataque de denegación de servicio donde alguna entrada (por ejemplo, \"a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 .0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 \") congelará el programa o la página del navegador web que ejecuta el código. 
Esto afecta a cualquier usuario actual del inspector de esquemas que usan cualquier versión para comprobar direcciones de correo electrónico. Los usuarios que no realizan la comprobación por correo electrónico y, en su lugar, realizan otros tipos de comprobación (como la longitud mínima o máxima de la cadena, etc.), no están afectados. Los usuarios deben actualizar a la versión 2.0.0, que usa una expresión regular que no es vulnerable a ReDoS", }, ], id: "CVE-2021-21267", lastModified: "2024-11-21T05:47:53.753", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-19T21:15:12.417", references: [ { 
source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/mattwelke/b7f42424680a57b8161794ad1737cd8f", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/schema-inspector/schema-inspector/security/advisories/GHSA-f38p-c2gq-4pmr", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210528-0006/", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.npmjs.com/package/schema-inspector", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/mattwelke/b7f42424680a57b8161794ad1737cd8f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/schema-inspector/schema-inspector/security/advisories/GHSA-f38p-c2gq-4pmr", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210528-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.npmjs.com/package/schema-inspector", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-400", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-03 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nodejs | node.js | * | |
nodejs | node.js | * | |
nodejs | node.js | * | |
nodejs | node.js | * | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
netapp | e-series_performance_analyzer | - | |
oracle | graalvm | 19.3.5 | |
oracle | graalvm | 20.3.1.2 | |
oracle | graalvm | 21.0.0.2 | |
oracle | jd_edwards_enterpriseone_tools | * | |
oracle | mysql_cluster | * | |
oracle | nosql_database | * | |
oracle | peoplesoft_enterprise_peopletools | 8.58 | |
oracle | peoplesoft_enterprise_peopletools | 8.59 | |
siemens | sinec_infrastructure_network_services | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "0B8440E6-CAF3-456D-A9B4-4EBF33AC3F37", versionEndExcluding: "10.24.0", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "4533F19F-C946-4203-8331-0317A0544D96", versionEndExcluding: "12.21.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "EB0738FA-DE42-4E1A-A67D-4C6357C2D720", versionEndExcluding: "14.16.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "E640EA36-17B2-4745-A831-AB8655F3579D", versionEndExcluding: "15.10.0", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*", matchCriteriaId: "058C7C4B-D692-49DE-924A-C2725A8162D3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "0F0434A5-F2A1-4973-917C-A95F2ABE97D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*", 
matchCriteriaId: "96DD93E0-274E-4C36-99F3-EEF085E57655", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "86305E47-33E9-411C-B932-08C395C09982", versionEndExcluding: "9.2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", matchCriteriaId: "1FD765AD-DEE4-41C5-9746-A2294D5F21C7", versionEndIncluding: "8.0.25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", matchCriteriaId: "D04565AE-D092-4AE0-8FEE-0E8114662A1B", versionEndExcluding: "20.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", matchCriteriaId: "C8AF00C6-B97F-414D-A8DF-057E6BFD8597", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. 
If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.", }, { lang: "es", value: "Node.js versiones anteriores a 10.24.0, 12.21.0, 14.16.0 y 15.10.0, es vulnerable a un ataque de denegación de servicio cuando son establecidos demasiados intentos de conexión con un \"unknownProtocol\". Esto conlleva a una filtración de descriptores de archivos. Si es configurado un límite de descriptor de archivo en el sistema, entonces el servidor no puede aceptar nuevas conexiones e impide que el proceso también se abra, por ejemplo, un archivo. Si no es configurado ningún límite de descriptor de archivo, esto conllevará a un uso excesivo de la memoria y causará al sistema quedarse sin memoria", }, ], id: "CVE-2021-22883", lastModified: "2024-11-21T05:50:49.997", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-03T18:15:14.893", references: [ { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "support@hackerone.com", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/1043360", }, { source: "support@hackerone.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/", }, { source: "support@hackerone.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/", }, { source: "support@hackerone.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/", }, { source: "support@hackerone.com", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210416-0001/", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/1043360", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210416-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-772", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-01 02:15
Modified
2024-11-21 04:24
Severity ?
Summary
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*", matchCriteriaId: "BBF9724E-ED48-45EB-92DF-1223ECF12693", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", matchCriteriaId: "280520BC-070C-4423-A633-E6FE45E53D57", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "433D435D-13D0-4EAA-ACD9-DD88DA712D00", versionEndIncluding: "11.50.2", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*", matchCriteriaId: "8836399B-AA1F-45DB-A423-B41A93A14281", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: 
true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", matchCriteriaId: "086B8913-51FE-4FCA-AB2C-47541F2C3252", versionEndExcluding: "7.13", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", matchCriteriaId: "71143206-77A6-4B8F-964B-FD4E00C1AE60", versionEndExcluding: "10.6", versionStartIncluding: "10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", matchCriteriaId: "F3310BC8-34F6-4C8A-B6B8-FCEB9033902B", versionEndExcluding: "12.9.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "78127EE5-23FE-4C66-B7EE-2CF3E19F0503", versionEndExcluding: "12.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-001:*:*:*:*:*:*", matchCriteriaId: "4353B3DF-2371-4A6F-9FF8-2CC3EF7DC4F6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-002:*:*:*:*:*:*", matchCriteriaId: "A0334DC1-4D8C-448C-84B3-310499118B44", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-003:*:*:*:*:*:*", matchCriteriaId: "F80F3626-D093-45F4-80A1-3DB1EC94E0F2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", matchCriteriaId: "754A2DF4-8724-4448-A2AB-AC5442029CB7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", matchCriteriaId: "D392C777-1949-4920-B459-D083228E4688", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", matchCriteriaId: 
"68B0A232-F2A4-4B87-99EB-3A532DFA87DA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "2DABA4F3-D814-4190-BDD7-C2F3DBBD9E1A", versionEndExcluding: "10.14.6", versionStartIncluding: "10.4.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "AC281794-DEC0-4C8A-8B92-F8E5D8785EF6", versionEndExcluding: "12.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.", }, { lang: "es", value: "En el archivo numbers.c en libxslt versión 1.1.33, un tipo que contiene caracteres de agrupación de una instrucción xsl:number era demasiado estrecho y una combinación de carácter/longitud no válida se podía ser pasada a la función xsltNumberFormatDecimal, conllevando a una lectura de los datos de pila no inicializados.", }, ], id: "CVE-2019-13118", lastModified: "2024-11-21T04:24:13.817", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-01T02:15:09.800", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/11", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/13", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/14", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/15", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/22", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/23", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/24", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/26", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/31", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/37", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/38", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://www.openwall.com/lists/oss-security/2019/11/17/2", }, { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/", }, { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "https://oss-fuzz.com/testcase-detail/5197371471822848", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/21", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/22", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/23", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/25", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/35", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/36", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party 
Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/37", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/40", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/41", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/42", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190806-0004/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210346", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210348", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210351", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210353", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210356", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210357", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210358", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4164-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party 
Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Jul/38", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/11/17/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://oss-fuzz.com/testcase-detail/5197371471822848", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/35", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://seclists.org/bugtraq/2019/Jul/36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/40", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/41", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190806-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210346", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210348", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210353", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210356", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210357", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210358", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://usn.ubuntu.com/4164-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-843", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-25 19:15
Modified
2024-11-21 06:07
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ws_project | ws | * | |
ws_project | ws | * | |
netapp | e-series_performance_analyzer | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ws_project:ws:*:*:*:*:*:node.js:*:*", matchCriteriaId: "17BC31A7-9CB8-47EC-89C4-A4809CE9E47D", versionEndExcluding: "6.2.2", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ws_project:ws:*:*:*:*:*:node.js:*:*", matchCriteriaId: "5CCD3F79-60EA-49AB-B02C-327182F655A8", versionEndExcluding: "7.4.6", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.", }, { lang: "es", value: "ws es una biblioteca de servidor y cliente WebSocket de código abierto para Node.js. Un valor especialmente diseñado del encabezado \"Sec-Websocket-Protocol\" puede ser usado para ralentizar significativamente un servidor ws. La vulnerabilidad ha sido corregida en la versión ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). 
En las versiones vulnerables de ws, el problema puede ser mitigado al reducir la longitud máxima permitida de los encabezados de petición utilizando [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) y/o las opciones [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener)", }, ], id: "CVE-2021-32640", lastModified: "2024-11-21T06:07:26.223", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-25T19:15:07.767", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", 
], url: "https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Mitigation", "Patch", "Third Party Advisory", ], url: "https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30%40%3Ccommits.tinkerpop.apache.org%3E", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210706-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mitigation", "Patch", "Third Party Advisory", ], url: "https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30%40%3Ccommits.tinkerpop.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210706-0005/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-28 20:15
Modified
2024-11-21 06:09
Severity
Summary
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fb55/css-what/releases/tag/v5.0.1 | Patch, Release Notes, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/03/msg00001.html | ||
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210706-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fb55/css-what/releases/tag/v5.0.1 | Patch, Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/03/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210706-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
css-what_project | css-what | 4.0.0 | |
css-what_project | css-what | 5.0.0 | |
netapp | e-series_performance_analyzer | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:css-what_project:css-what:4.0.0:*:*:*:*:node.js:*:*", matchCriteriaId: "5BEE51B0-F2BB-43D6-AF8D-17D94E599014", vulnerable: true, }, { criteria: "cpe:2.3:a:css-what_project:css-what:5.0.0:*:*:*:*:node.js:*:*", matchCriteriaId: "E2F67046-07B3-4FC4-9B28-ED197CF16A25", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.", }, { lang: "es", value: "El paquete css-what versión 4.0.0 hasta la versión 5.0.0 para Node.js no asegura que el análisis sintáctico de atributos tenga una complejidad de tiempo lineal en relación con el tamaño de la entrada", }, ], id: "CVE-2021-33587", lastModified: "2024-11-21T06:09:08.927", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 
version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-28T20:15:07.733", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/fb55/css-what/releases/tag/v5.0.1", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210706-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/fb55/css-what/releases/tag/v5.0.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210706-0007/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-15 17:15
Modified
2024-11-21 05:25
Severity
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*", matchCriteriaId: "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*", matchCriteriaId: "8836399B-AA1F-45DB-A423-B41A93A14281", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update231:*:*:*:*:*:*", matchCriteriaId: "45E3A969-BFC2-45E2-B301-813E9335FC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", matchCriteriaId: "280520BC-070C-4423-A633-E6FE45E53D57", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC", versionEndIncluding: "11.60.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*", matchCriteriaId: "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", 
matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: 
"17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Networking). Las versiones compatibles que están afectadas son Java SE: 7u241 y 8u231; Java SE Embedded: 8u231. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. 
Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegación de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox (en Java SE versión 8), que cargan y ejecutan código no confiable (por ejemplo, código que proviene de la Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de la API en el componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Puntaje Base 3.7 (Impactos en la Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2020-2659", lastModified: "2024-11-21T05:25:55.337", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", 
baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-15T17:15:24.333", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { 
source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "secalert_us@oracle.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://access.redhat.com/errata/RHSA-2020:0467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: 
"nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-15 13:15
Modified
2024-11-21 07:03
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "84AA9DAD-BDBD-402E-B680-250A7295B57E", versionEndExcluding: "8.3.10", versionStartIncluding: "5.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "A5136FB0-D7F8-4BDD-9C70-CB2648065A1F", versionEndExcluding: "8.4.10", versionStartIncluding: "8.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "7C2FAADE-D9EA-431C-ACFA-9F846F14B5A2", versionEndExcluding: "8.5.9", versionStartIncluding: "8.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "A29E8B3E-D3A9-49A4-ABCD-4E87F8B527DD", versionEndExcluding: "9.0.3", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. 
If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.", }, { lang: "es", value: "Grafana es una plataforma de código abierto para la monitorización y la observación. En versiones 5.3 hasta 9.0.3, 8.5.9, 8.4.10 y 8.3.10, es posible que un usuario malicioso que tenga autorización para iniciar sesión en una instancia de Grafana por medio de un IdP de OAuth configurado que proporcione un nombre de inicio de sesión, tome la cuenta de otro usuario en esa instancia de Grafana. Esto puede ocurrir cuando el usuario malicioso está autorizado a iniciar sesión en Grafana por medio de OAuth, el id de usuario externo del usuario malicioso no está ya asociado a una cuenta en Grafana, la dirección de correo electrónico del usuario malicioso no está ya asociada a una cuenta en Grafana, y el usuario malicioso conoce el nombre de usuario de Grafana del usuario objetivo. Si son cumplidas estas condiciones, el usuario malicioso puede establecer su nombre de usuario en el proveedor OAuth al del usuario objetivo, y luego pasar por el flujo OAuth para iniciar sesión en Grafana. Debido a la forma en que las cuentas de usuario externas e internas están vinculadas durante el inicio de sesión, si las condiciones anteriores son cumplidas, el usuario malicioso podrá iniciar sesión en la cuenta de Grafana del usuario objetivo. 
Las versiones 9.0.3, 8.5.9, 8.4.10 y 8.3.10 contienen un parche para este problema. Como mitigación, los usuarios afectados pueden deshabilitar el inicio de sesión de OAuth en su instancia de Grafana, o asegurarse de que todos los usuarios autorizados a iniciar sesión por medio de OAuth presentan una cuenta de usuario correspondiente en Grafana vinculada a su dirección de correo electrónico", }, ], id: "CVE-2022-31107", lastModified: "2024-11-21T07:03:54.563", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.5, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-15T13:15:08.397", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/", }, { source: 
"security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220901-0010/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220901-0010/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-15 18:15
Modified
2024-11-21 05:03
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).
Impacted products
Vendor | Product | Version
---|---|---
oracle | jdk | 1.7.0
oracle | jdk | 1.8.0
oracle | jdk | 11.0.7
oracle | jdk | 14.0.1
oracle | jre | 1.8.0
fedoraproject | fedora | 31
fedoraproject | fedora | 32
canonical | ubuntu_linux | 16.04
canonical | ubuntu_linux | 18.04
canonical | ubuntu_linux | 20.04
debian | debian_linux | 9.0
debian | debian_linux | 10.0
opensuse | leap | 15.1
opensuse | leap | 15.2
netapp | 7-mode_transition_tool | -
netapp | active_iq_unified_manager | *
netapp | active_iq_unified_manager | *
netapp | cloud_backup | -
netapp | cloud_secure_agent | -
netapp | e-series_performance_analyzer | -
netapp | e-series_santricity_os_controller | *
netapp | e-series_santricity_web_services | -
netapp | oncommand_insight | -
netapp | oncommand_workflow_automation | -
netapp | santricity_unified_manager | -
netapp | snapmanager | -
netapp | snapmanager | -
netapp | steelstore_cloud_integrated_storage | -
netapp | storagegrid | *
netapp | storagegrid | -
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*", matchCriteriaId: "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "FF39F7B1-6571-4BF6-A58F-4A6801636217", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8D034E25-195A-4926-9FEC-A2B9F01E0CFC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "D2DD43D4-AF2E-41DF-90C0-F899C624430E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { 
nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: 
"5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: 2D). Las versiones compatibles que están afectadas son Java SE: 7u261, 8u251, 11.0.7 y 14.0.1; Java SE Embedded: 8u251. La vulnerabilidad explotable fácilmente permite a un atacante no autenticado con acceso de red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito requieren la interacción humana de una persona diferente del atacante y, aunque la vulnerabilidad se encuentra en Java SE, Java SE Embedded, los ataques pueden afectar significativamente a productos adicionales. Los ataques con éxito de esta vulnerabilidad pueden resultar en la creación, eliminación o modificación no autorizada del acceso a datos críticos o a todos los datos accesibles Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets de Java en sandbox, que cargan y ejecutan código no confiable (por ejemplo, código que proviene de Internet) y confían en el sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a las implementaciones de Java, generalmente en servidores, que cargan y ejecutan solo código confiable (por ejemplo, código instalado por parte de un administrador). CVSS 3.1 Puntuación Base 7.4 (Impactos de la Integridad). 
Vector CVSS:(CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)", }, ], id: "CVE-2020-14593", lastModified: "2024-11-21T05:03:38.143", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-07-15T18:15:25.050", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { source: "secalert_us@oracle.com", tags: [ 
"Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202008-24", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4433-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202008-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4433-1/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*", matchCriteriaId: "E3B8B378-3211-4E63-873D-A05574B39E14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "84457AF5-BF82-449E-8576-F34DD338BBE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update251:*:*:*:*:*:*", matchCriteriaId: "221B755E-48C0-4530-AFBD-4B00CF6A696F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "27495366-B260-4F56-9BC2-9B862E7DCABC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6E5E08E5-823D-4F57-BA0A-603F8E680419", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89D95157-3487-4421-A5E3-801B987625B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "A8ADAA7A-7951-40D7-B1B1-78944D954209", versionEndIncluding: "11.0.6", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA", versionEndIncluding: "13.0.2", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: 
"AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: 
"72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: 
"AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: 
"59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: 
"0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: 
"78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: 
"E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*", matchCriteriaId: "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: 
"F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: 
false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "4E5302AA-9FB5-4F30-9E75-43796783E906", versionEndExcluding: "5.10.0", versionStartIncluding: "5.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", 
matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*", matchCriteriaId: "D9EEA681-67FF-43B3-8610-0FA17FD279E5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*", matchCriteriaId: "C33BA8EA-793D-4E79-BE9C-235ACE717216", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Serialization). Las versiones compatibles que están afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. 
Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegación de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Se aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox . También puede ser explotada al proporcionar datos a las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuación Base 3.7 (Impactos de la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2020-2757", lastModified: "2024-11-21T05:26:11.117", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { 
cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T14:15:25.547", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: 
"secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-28 18:15
Modified
2024-11-21 06:09
Summary
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1 | Patch, Release Notes | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/12/msg00033.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210702-0007/ | Third Party Advisory | |
cve@mitre.org | https://www.npmjs.com/package/trim-newlines | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1 | Patch, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00033.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210702-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.npmjs.com/package/trim-newlines | Product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trim-newlines_project | trim-newlines | * | |
trim-newlines_project | trim-newlines | * | |
netapp | e-series_performance_analyzer | - | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trim-newlines_project:trim-newlines:*:*:*:*:*:node.js:*:*", matchCriteriaId: "E34BEF01-4756-4449-8ACF-373B6FF4DF44", versionEndExcluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:trim-newlines_project:trim-newlines:*:*:*:*:*:node.js:*:*", matchCriteriaId: "018C86E0-70FE-4E10-9138-A213C59252EA", versionEndExcluding: "4.0.1", versionStartIncluding: "4.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.", }, { lang: "es", value: "El paquete trim-newlines versiones anteriores a 3.0.1 y versiones 4.x anteriores a 4.0.1 para Node.js, presenta un problema relacionado con una denegación de servicio de expresión regular (ReDoS) para el método .end()", }, ], id: "CVE-2021-33623", lastModified: "2024-11-21T06:09:12.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], 
cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-28T18:15:07.537", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", ], url: "https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00033.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210702-0007/", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://www.npmjs.com/package/trim-newlines", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", ], url: "https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210702-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.npmjs.com/package/trim-newlines", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-14 19:15
Modified
2024-11-21 06:36
Summary
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openssl | openssl | * | |
openssl | openssl | 1.1.0 | |
openssl | openssl | 3.0.0 | |
netapp | cloud_backup | - | |
netapp | e-series_performance_analyzer | - | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | snapcenter | - | |
netapp | a250_firmware | - | |
netapp | a250 | - | |
netapp | 500f_firmware | - | |
netapp | 500f | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h300e_firmware | - | |
netapp | h300e | - | |
netapp | h500e_firmware | - | |
netapp | h500e | - | |
netapp | h700e_firmware | - | |
netapp | h700e | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
nodejs | node.js | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "D53A6288-46D2-452F-95DA-ADA3A55544E5", versionEndExcluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "73104834-5810-48DD-9B97-549D223853F1", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5D1E839A-4780-412E-9F02-DD3029A0B8EF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], 
operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: 
false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "EF176509-5AA8-4644-84E5-051964AECCE5", versionEndExcluding: "17.3.0", versionStartIncluding: "17.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). 
Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).", }, { lang: "es", value: "Internamente libssl en OpenSSL llama a X509_verify_cert() en el lado del cliente para verificar un certificado suministrado por un servidor. Esta función puede devolver un valor negativo para indicar un error interno (por ejemplo, falta de memoria). Tal valor de retorno negativo es mal manejado por OpenSSL y causará que una función IO (como SSL_connect() o SSL_do_handshake()) no indique el éxito y una llamada posterior a SSL_get_error() devuelva el valor SSL_ERROR_WANT_RETRY_VERIFY. Este valor de retorno sólo debe ser devuelto por OpenSSL si la aplicación ha llamado previamente a SSL_CTX_set_cert_verify_callback(). 
Como la mayoría de las aplicaciones no hacen esto, el valor de retorno SSL_ERROR_WANT_RETRY_VERIFY de SSL_get_error() será totalmente inesperado y las aplicaciones pueden no comportarse correctamente como resultado. El comportamiento exacto dependerá de la aplicación, pero podría resultar en bloqueos, bucles infinitos u otras respuestas incorrectas similares. Este problema se agrava en combinación con otro fallo en OpenSSL versión 3.0 que hará que X509_verify_cert() indique un error interno cuando procesa una cadena de certificados. Esto ocurrirá cuando un certificado no incluya la extensión de nombre alternativo del sujeto pero cuando una autoridad de certificación haya aplicado restricciones de nombre. Este problema puede producirse incluso con cadenas válidas. Combinando los dos problemas, un atacante podría inducir un comportamiento incorrecto y dependiente de la aplicación. Corregido en OpenSSL versión 3.0.1 (Afectado 3.0.0)", }, ], id: "CVE-2021-4044", lastModified: "2024-11-21T06:36:47.243", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, 
published: "2021-12-14T19:15:07.807", references: [ { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256", }, { source: "openssl-security@openssl.org", tags: [ "Vendor Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211229-0003/", }, { source: "openssl-security@openssl.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20211214.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211229-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20211214.txt", }, ], sourceIdentifier: "openssl-security@openssl.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-15 17:15
Modified
2024-11-21 05:25
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*", matchCriteriaId: "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*", matchCriteriaId: "8836399B-AA1F-45DB-A423-B41A93A14281", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "89175649-A3CE-4A15-B875-C93D289F8307", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "665B33FE-52FE-4E17-8A80-D61656C49900", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:*", matchCriteriaId: "405536FF-8BB9-4926-97E3-61BAA3A75E08", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:*", matchCriteriaId: "52496989-B639-4E8E-8319-D5D9FE5B30DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A7FB7666-E40E-45A6-9F87-A51B9D7E8EBB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4BF92693-510C-48A4-ABFC-AD975DB971CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: 
"083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: 
"A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*", matchCriteriaId: "465CFA59-8E94-415A-ACF0-E678826813BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*", matchCriteriaId: "85BDC28A-484B-4D14-8D68-890450DCE3F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "635DEFDD-4840-48C6-AB1C-ADAFF4A1E50C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*", matchCriteriaId: "40A221DB-1684-4C87-B576-0969FE13E1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DE6A1B86-3688-4A13-AB37-DBD0DA323202", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "17E0085B-4748-4F79-BEF6-CD9C3D2E6FE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*", matchCriteriaId: "FD3A4AFB-8D76-4B16-A306-2A10F23E51EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1704C904-6E0A-4972-BC94-326D8BC6315A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", 
vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*", matchCriteriaId: "3275348E-0FAF-4DC1-94A6-B53014659D49", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, 
}, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", 
matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Security). Las versiones compatibles que están afectadas son Java SE: 7u241, 8u231, 11.0.5 y 13.0.1; Java SE Embedded: 8u231. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de Kerberos comprometer a Java SE, Java SE Embedded. 
Aunque la vulnerabilidad ocurre en Java SE, Java SE Embedded, los ataques pueden afectar significativamente a productos adicionales. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos críticos o en un acceso completo a todos los datos accesibles Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox (en Java SE versión 8), que cargan y ejecutan código no seguros (por ejemplo, código que proviene de la Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de la API en el componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Base Score 6.8 (Impactos en la Confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).", }, ], id: "CVE-2020-2601", lastModified: "2024-11-21T05:25:41.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 4, source: "secalert_us@oracle.com", 
type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-15T17:15:20.300", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: 
"https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "secalert_us@oracle.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "secalert_us@oracle.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*", matchCriteriaId: "E3B8B378-3211-4E63-873D-A05574B39E14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "84457AF5-BF82-449E-8576-F34DD338BBE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update251:*:*:*:*:*:*", matchCriteriaId: "221B755E-48C0-4530-AFBD-4B00CF6A696F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "27495366-B260-4F56-9BC2-9B862E7DCABC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6E5E08E5-823D-4F57-BA0A-603F8E680419", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89D95157-3487-4421-A5E3-801B987625B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "A8ADAA7A-7951-40D7-B1B1-78944D954209", versionEndIncluding: "11.0.6", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA", versionEndIncluding: "13.0.2", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: 
"AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: 
"72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: 
"AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: 
"59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: 
"0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: 
"78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: 
"E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*", matchCriteriaId: "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", 
vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "106FDF5A-D377-4E5F-8BF9-09290019C98A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*", matchCriteriaId: "D9EEA681-67FF-43B3-8610-0FA17FD279E5", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*", matchCriteriaId: "C33BA8EA-793D-4E79-BE9C-235ACE717216", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: 
"A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Security). Las versiones compatibles que están afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegación de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Se aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox. También puede ser explotada al proporcionar datos hacia las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuación Base 3.7 (Impactos de la disponibilidad). 
Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2020-2773", lastModified: "2024-11-21T05:26:13.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T14:15:26.547", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: 
"secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], 
url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third 
Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-15 17:15
Modified
2024-11-21 05:25
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:commerce_experience_manager:11.3.2:*:*:*:*:*:*:*", matchCriteriaId: "F4BBE71A-CEE7-4319-9E7F-6D52E9905C7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", matchCriteriaId: "2A3622F5-5976-4BBC-A147-FC8A6431EA79", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:19.3.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "6B257954-6EF3-4CBF-A8A7-699F70F98153", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*", matchCriteriaId: "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*", matchCriteriaId: "8836399B-AA1F-45DB-A423-B41A93A14281", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "89175649-A3CE-4A15-B875-C93D289F8307", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "665B33FE-52FE-4E17-8A80-D61656C49900", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update231:*:*:*:*:*:*", matchCriteriaId: "45E3A969-BFC2-45E2-B301-813E9335FC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", 
vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "41909CBE-B056-4E00-AE21-670AA518E1B9", versionEndIncluding: "11.0.5", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "43C96E91-EF8B-4A0E-A9A2-3525A8DD463E", versionEndIncluding: "13.0.1", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", matchCriteriaId: "280520BC-070C-4423-A633-E6FE45E53D57", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC", versionEndIncluding: "11.60.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*", matchCriteriaId: "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "106FDF5A-D377-4E5F-8BF9-09290019C98A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", 
vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", }, { lang: "es", value: "Vulnerabilidad en Java SE, producto Java SE Embedded de Oracle Java SE (componente: serialización). Las versiones compatibles que se ven afectadas son Java SE: 7u241, 8u231, 11.0.5 y 13.0.1; Java SE Embedded: 8u231. La vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en la adquisición de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start de espacio aislado o applets de Java de espacio aislado (en Java SE 8), que cargan y ejecutan código no seguro (por ejemplo, código que proviene de Internet) y dependen de Java caja de arena para seguridad. Esta vulnerabilidad también puede explotarse mediante el uso de API en el Componente especificado, por ejemplo, a través de un servicio web que suministra datos a las API. CVSS v3.0 Base Score 8.1 (Impactos de confidencialidad, integridad y disponibilidad). 
Vector CVSS: (CVSS: 3.0 / AV: N / AC: H / PR: N / UI: N / S: U / C: H / I: H / A: H).", }, ], id: "CVE-2020-2604", lastModified: "2024-11-21T05:25:42.330", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-15T17:15:20.487", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", 
], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "secalert_us@oracle.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third 
Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-15 17:15
Modified
2024-11-21 05:25
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*", matchCriteriaId: "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*", matchCriteriaId: "8836399B-AA1F-45DB-A423-B41A93A14281", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "89175649-A3CE-4A15-B875-C93D289F8307", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "665B33FE-52FE-4E17-8A80-D61656C49900", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:*", matchCriteriaId: "405536FF-8BB9-4926-97E3-61BAA3A75E08", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:*", matchCriteriaId: "52496989-B639-4E8E-8319-D5D9FE5B30DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A7FB7666-E40E-45A6-9F87-A51B9D7E8EBB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4BF92693-510C-48A4-ABFC-AD975DB971CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*", matchCriteriaId: "465CFA59-8E94-415A-ACF0-E678826813BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*", matchCriteriaId: "85BDC28A-484B-4D14-8D68-890450DCE3F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "635DEFDD-4840-48C6-AB1C-ADAFF4A1E50C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*", matchCriteriaId: "40A221DB-1684-4C87-B576-0969FE13E1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DE6A1B86-3688-4A13-AB37-DBD0DA323202", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "17E0085B-4748-4F79-BEF6-CD9C3D2E6FE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*", matchCriteriaId: "FD3A4AFB-8D76-4B16-A306-2A10F23E51EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1704C904-6E0A-4972-BC94-326D8BC6315A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: 
"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "106FDF5A-D377-4E5F-8BF9-09290019C98A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, 
}, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*", matchCriteriaId: "3275348E-0FAF-4DC1-94A6-B53014659D49", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). 
Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Serialization). Las versiones compatibles que están afectadas son Java SE: 7u241, 8u231, 11.0.5 y 13.0.1; Java SE Embedded: 8u231. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegación de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox (en Java SE versión 8), que cargan y ejecutan código no confiable (por ejemplo, código que proviene de la Internet) y dependen del sandbox de Java para la seguridad. 
Esta vulnerabilidad también puede ser explotada mediante el uso de la API en el componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Puntaje Base 3.7 (Impactos en la Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2020-2583", lastModified: "2024-11-21T05:25:37.680", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-15T17:15:19.130", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "secalert_us@oracle.com", tags: [ "Third 
Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*", matchCriteriaId: "E3B8B378-3211-4E63-873D-A05574B39E14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "84457AF5-BF82-449E-8576-F34DD338BBE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update251:*:*:*:*:*:*", matchCriteriaId: "221B755E-48C0-4530-AFBD-4B00CF6A696F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "27495366-B260-4F56-9BC2-9B862E7DCABC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6E5E08E5-823D-4F57-BA0A-603F8E680419", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89D95157-3487-4421-A5E3-801B987625B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "A8ADAA7A-7951-40D7-B1B1-78944D954209", versionEndIncluding: "11.0.6", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA", versionEndIncluding: "13.0.2", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: 
"AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: 
"72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: 
"AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: 
"59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: 
"0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: 
"78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: 
"E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*", matchCriteriaId: "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: 
"F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, 
operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "4E5302AA-9FB5-4F30-9E75-43796783E906", versionEndExcluding: "5.10.0", versionStartIncluding: "5.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", 
matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*", matchCriteriaId: "D9EEA681-67FF-43B3-8610-0FA17FD279E5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*", matchCriteriaId: "C33BA8EA-793D-4E79-BE9C-235ACE717216", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Serialization). Las versiones compatibles que están afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. 
Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegación de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Se aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox . También puede ser explotada al proporcionar datos a las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox , tal y como por medio de un servicio web. CVSS 3.0 Puntuación Base 3.7 (Impactos de la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2020-2756", lastModified: "2024-11-21T05:26:10.873", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: 
"NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T14:15:25.483", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: 
"https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-15 18:15
Modified
2024-11-21 05:03
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | jdk | 1.7.0 | |
oracle | jdk | 1.8.0 | |
oracle | jdk | 11.0.7 | |
oracle | jdk | 14.0.1 | |
oracle | jre | 1.8.0 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 20.04 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 | |
netapp | 7-mode_transition_tool | - | |
netapp | active_iq_unified_manager | * | |
netapp | active_iq_unified_manager | * | |
netapp | cloud_backup | - | |
netapp | cloud_secure_agent | - | |
netapp | e-series_performance_analyzer | - | |
netapp | e-series_santricity_os_controller | * | |
netapp | e-series_santricity_web_services | - | |
netapp | oncommand_insight | - | |
netapp | oncommand_workflow_automation | - | |
netapp | santricity_unified_manager | - | |
netapp | snapmanager | - | |
netapp | snapmanager | - | |
netapp | steelstore_cloud_integrated_storage | - | |
netapp | storagegrid | * | |
netapp | storagegrid | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*", matchCriteriaId: "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "FF39F7B1-6571-4BF6-A58F-4A6801636217", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8D034E25-195A-4926-9FEC-A2B9F01E0CFC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "D2DD43D4-AF2E-41DF-90C0-F899C624430E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { 
nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: 
"5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Java SE: 7u261, 8u251, 11.0.7 y 14.0.1; Java SE Embedded: 8u251. La vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso de red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito requieren la interacción humana de una persona diferente del atacante y, aunque la vulnerabilidad se encuentra en Java SE, Java SE Embedded, los ataques pueden afectar significativamente a productos adicionales. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets de Java en sandbox, que cargan y ejecutan código no confiable (por ejemplo, código que proviene de Internet) y confían en el sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a las implementaciones de Java, generalmente en servidores, que cargan y ejecutan solo código confiable (por ejemplo, código instalado por parte de un administrador). CVSS 3.1 Puntuación Base 8.3 (Impactos de la Confidencialidad, Integridad y Disponibilidad). 
Vector CVSS: (CVSS: 3.1 / AV: N / AC: H / PR: N / UI: R / S: C / C: H / I: H / A: H)", }, ], id: "CVE-2020-14583", lastModified: "2024-11-21T05:03:36.517", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 6, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-07-15T18:15:24.240", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { source: 
"secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202008-24", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4433-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", 
"Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202008-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4433-1/", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-15 17:15
Modified
2024-11-21 05:57
Severity ?
Summary
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
References
Impacted products
Vendor | Product | Version |
---|---|---|
gnome | glib | * |
gnome | glib | * |
fedoraproject | fedora | 33 |
fedoraproject | fedora | 34 |
netapp | active_iq_unified_manager | - |
netapp | cloud_backup | - |
netapp | e-series_performance_analyzer | - |
broadcom | brocade_fabric_operating_system_firmware | - |
debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*", matchCriteriaId: "75B40F42-BA65-4AAE-AA5B-34D0AD59E17F", versionEndExcluding: "2.66.6", vulnerable: true, }, { criteria: "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*", matchCriteriaId: "6011C526-C3E7-42A9-AAE8-16AE5CE53C0B", versionEndExcluding: "2.67.3", versionStartIncluding: "2.67.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. 
The overflow could potentially lead to memory corruption.", }, { lang: "es", value: "Se detectó un problema en GNOME GLib versiones anteriores a 2.66.6 y versiones 2.67.x anteriores a 2.67.3. La función g_bytes_new presenta un desbordamiento de enteros en plataformas de 64 bits debido a una conversión implícita de 64 bits a 32 bits. El desbordamiento podría conllevar a una corrupción de la memoria", }, ], id: "CVE-2021-27219", lastModified: "2024-11-21T05:57:37.410", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-15T17:15:13.137", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/glib/-/issues/2319", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html", }, { source: "cve@mitre.org", 
url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-13", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210319-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/glib/-/issues/2319", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210319-0004/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-681", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-15 18:15
Modified
2024-11-21 05:03
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*", matchCriteriaId: "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "FF39F7B1-6571-4BF6-A58F-4A6801636217", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "D2DD43D4-AF2E-41DF-90C0-F899C624430E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: 
"106FDF5A-D377-4E5F-8BF9-09290019C98A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*", matchCriteriaId: "D9EEA681-67FF-43B3-8610-0FA17FD279E5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*", matchCriteriaId: "C33BA8EA-793D-4E79-BE9C-235ACE717216", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", 
matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: 
"E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Java SE: 7u261 y 8u251; Java SE Embedded: 8u251. La vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso de red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. 
Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegación de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Aplica a la implementación del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start en sandbox y applets de Java en sandbox. También puede ser explotada mediante el suministro de datos a las API en el Componente especificado sin utilizar aplicaciones de Java Web Start en sandbox o applets de Java en sandbox, como por medio de un servicio web. CVSS 3.1 Puntuación Base 3.7 (Impactos de la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)", }, ], id: "CVE-2020-14579", lastModified: "2024-11-21T05:03:35.790", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: 
"UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-07-15T18:15:23.910", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202008-24", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202008-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Severity ?
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "84457AF5-BF82-449E-8576-F34DD338BBE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6E5E08E5-823D-4F57-BA0A-603F8E680419", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89D95157-3487-4421-A5E3-801B987625B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "A8ADAA7A-7951-40D7-B1B1-78944D954209", versionEndIncluding: "11.0.6", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA", versionEndIncluding: "13.0.2", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: 
"C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: 
"E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: 
"568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: 
"18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: 
"0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: 
"2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*", matchCriteriaId: "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC", versionEndIncluding: "11.60.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. 
Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: JSSE). Las versiones compatibles que están afectadas son Java SE: 11.0.6 y 14. Una vulnerabilidad explotable fácilmente permite a un atacante no autenticado con acceso a la red por medio de HTTPS comprometer a Java SE. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a datos críticos o a todos los datos accesibles de Java SE. Nota: Esta vulnerabilidad solo puede ser explotada al proporcionar datos a las API en el Componente especificado sin utilizar aplicaciones Java Web Start No Confiables o applets Java No Confiables, tal y como por medio de un servicio web. CVSS 3.0 Puntuación Base 7.5 (Impactos de la integridad). 
Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], id: "CVE-2020-2816", lastModified: "2024-11-21T05:26:21.210", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T14:15:29.157", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: 
"https://usn.ubuntu.com/4337-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-08 20:15
Modified
2024-11-21 06:45
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy, trick a user into visiting this HTML page using a specially crafted link, and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: a Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of the above datasource, and a specially crafted link pointing at the attacker-controlled data source must be clicked on by an authenticated user. For the plugin proxy: a Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of the above app, and a specially crafted link pointing at the attacker-controlled plugin must be clicked on by an authenticated user. For the backend plugin resource: an attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
grafana | grafana | * | |
grafana | grafana | * | |
grafana | grafana | 2.0.0 | |
grafana | grafana | 2.0.0 | |
netapp | e-series_performance_analyzer | * | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "EDAF22BC-1003-4EB9-8256-A7DEA894CCC1", versionEndExcluding: "7.5.15", versionStartIncluding: "2.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "16145A8D-9FF1-4EEE-8E29-198B408582B8", versionEndExcluding: "8.3.5", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:2.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "9C4FC3E6-8C85-4398-B270-5B0373C129B6", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:2.0.0:beta3:*:*:*:*:*:*", matchCriteriaId: "4C441D33-2494-4B4F-8C7D-3C0857FDD209", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "CC05F69D-6C6B-472D-87B7-84231F14CA8B", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. 
The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.", }, { lang: "es", value: "Grafana es una plataforma de código abierto para la monitorización y la observabilidad. En las versiones afectadas, un atacante podría servir contenido HTML mediante la fuente de datos de Grafana o el proxy del plugin y engañar a un usuario para que visite esta página HTML usando un enlace especialmente diseñado y ejecutar un ataque de tipo Cross-site Scripting (XSS). El atacante podría comprometer una fuente de datos existente para una instancia específica de Grafana o bien configurar su propio servicio público e instruir a cualquiera para que lo configure en su instancia de Grafana. Para ser impactado, todo lo siguiente debe ser aplicable. 
Para el proxy de la fuente de datos: Una fuente de datos basada en HTTP de Grafana configurada con Servidor como Modo de Acceso y una URL establecida, el atacante debe estar en control del servidor HTTP que sirve la URL de dicha fuente de datos, y un enlace especialmente diseñado que apunte a la fuente de datos controlada por el atacante debe ser pulsado por un usuario autenticado. Para el plugin proxy: Un plugin de Grafana basado en HTTP configurado y habilitado con un conjunto de URL, el atacante debe estar en control del servidor HTTP que sirve la URL de la aplicación anterior, y un enlace especialmente diseñado que apunte al plugin controlado por el atacante debe ser marcado por un usuario autenticado. Para el recurso del plugin backend: Un atacante debe ser capaz de dirigir a un usuario autenticado a un plugin comprometido mediante un enlace diseñado. Es recomendado a usuarios actualizar a una versión parcheada. No hay medidas de mitigación adicionales conocidas para esta vulnerabilidad", }, ], id: "CVE-2022-21702", lastModified: "2024-11-21T06:45:16.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.3, 
impactScore: 4.7, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-08T20:15:08.987", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Mitigation", "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mitigation", "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-15 18:15
Modified
2024-11-21 05:03
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | jdk | 1.8.0 | |
oracle | jdk | 11.0.7 | |
oracle | jdk | 14.0.1 | |
oracle | jre | 1.8.0 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 20.04 | |
netapp | 7-mode_transition_tool | - | |
netapp | active_iq_unified_manager | * | |
netapp | active_iq_unified_manager | * | |
netapp | cloud_backup | - | |
netapp | cloud_secure_agent | - | |
netapp | e-series_performance_analyzer | - | |
netapp | e-series_santricity_os_controller | * | |
netapp | e-series_santricity_web_services | - | |
netapp | oncommand_insight | - | |
netapp | oncommand_workflow_automation | - | |
netapp | santricity_unified_manager | - | |
netapp | snapmanager | - | |
netapp | snapmanager | - | |
netapp | steelstore_cloud_integrated_storage | - | |
netapp | storagegrid | * | |
netapp | storagegrid | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "FF39F7B1-6571-4BF6-A58F-4A6801636217", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8D034E25-195A-4926-9FEC-A2B9F01E0CFC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "D2DD43D4-AF2E-41DF-90C0-F899C624430E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: 
true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: 
"A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Java SE: 8u251, 11.0.7 y 14.0.1; Java SE Embedded: 8u251. La vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso de red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, Java SE Embedded, así como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded. Nota: Aplica a la implementación del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start en sandbox y applets de Java en sandbox. También puede ser explotada mediante el suministro de datos a las API en el Componente especificado sin utilizar aplicaciones de Java Web Start en sandbox o applets de Java en sandbox, como por medio de un servicio web. CVSS 3.1 Puntuación Base 4.8 (Impactos de la Confidencialidad e Integridad). 
Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)", }, ], id: "CVE-2020-14556", lastModified: "2024-11-21T05:03:32.060", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-07-15T18:15:20.037", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { source: "secalert_us@oracle.com", 
tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202008-24", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4433-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], 
url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202008-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4433-1/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-08 21:15
Modified
2024-11-21 06:45
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
grafana | grafana | * | |
grafana | grafana | * | |
grafana | grafana | 3.0.0 | |
grafana | grafana | 3.0.0 | |
grafana | grafana | 3.0.0 | |
grafana | grafana | 3.0.0 | |
grafana | grafana | 3.0.0 | |
grafana | grafana | 3.0.0 | |
grafana | grafana | 3.0.0 | |
netapp | e-series_performance_analyzer | * | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "1F2335D6-B310-42E7-8FC8-25B8E2264829", versionEndExcluding: "7.5.15", versionStartIncluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "16145A8D-9FF1-4EEE-8E29-198B408582B8", versionEndExcluding: "8.3.5", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "D738463C-2E39-42D3-A730-5A49594825CC", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "152CFB89-E06C-455E-8B72-016F44D33DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta3:*:*:*:*:*:*", matchCriteriaId: "3E44CD01-FC42-4A90-B976-87E65F3C3E44", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta4:*:*:*:*:*:*", matchCriteriaId: "6B0D67F3-2D3C-4DB7-BF59-4719BCF8A613", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta5:*:*:*:*:*:*", matchCriteriaId: "1804B55D-0FAA-4529-9749-8342A779430D", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta6:*:*:*:*:*:*", matchCriteriaId: "EAF5DF18-EAD2-4888-B1B7-0506C0F893EB", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta7:*:*:*:*:*:*", matchCriteriaId: "9376D16C-2453-4E08-981C-4789F741FA5E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "CC05F69D-6C6B-472D-87B7-84231F14CA8B", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: 
"80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", }, { lang: "es", value: "Grafana es una plataforma de código abierto para la monitorización y la observabilidad. Las versiones afectadas están sujetas a una vulnerabilidad de tipo cross site request forgery que permite a atacantes elevar sus privilegios al montar ataques de origen cruzado contra usuarios autenticados de Grafana con altos privilegios (por ejemplo, editores o administradores). Un atacante puede explotar esta vulnerabilidad para una elevación de privilegios al engañar a un usuario autenticado para que invite al atacante como un nuevo usuario con altos privilegios. Se recomienda a usuarios actualizar lo antes posible. 
No hay medidas de mitigación adicionales conocidas para este problema", }, ], id: "CVE-2022-21703", lastModified: "2024-11-21T06:45:16.160", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 4.2, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-08T21:15:20.150", references: [ { source: "security-advisories@github.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/pull/45083", }, { source: "security-advisories@github.com", tags: [ "Mitigation", "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, 
{ source: "security-advisories@github.com", tags: [ "Mitigation", "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/pull/45083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-03 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nodejs | node.js | * | |
nodejs | node.js | * | |
nodejs | node.js | * | |
nodejs | node.js | * | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
netapp | active_iq_unified_manager | - | |
netapp | active_iq_unified_manager | - | |
netapp | e-series_performance_analyzer | - | |
netapp | oncommand_insight | - | |
netapp | oncommand_workflow_automation | - | |
netapp | snapcenter | - | |
oracle | graalvm | 19.3.5 | |
oracle | graalvm | 20.3.1.2 | |
oracle | graalvm | 21.0.0.2 | |
oracle | jd_edwards_enterpriseone_tools | * | |
oracle | mysql_cluster | * | |
oracle | nosql_database | * | |
oracle | peoplesoft_enterprise_peopletools | 8.58 | |
oracle | peoplesoft_enterprise_peopletools | 8.59 | |
siemens | sinec_infrastructure_network_services | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "0B8440E6-CAF3-456D-A9B4-4EBF33AC3F37", versionEndExcluding: "10.24.0", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "4533F19F-C946-4203-8331-0317A0544D96", versionEndExcluding: "12.21.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "EB0738FA-DE42-4E1A-A67D-4C6357C2D720", versionEndExcluding: "14.16.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "E640EA36-17B2-4745-A831-AB8655F3579D", versionEndExcluding: "15.10.0", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: 
"F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*", matchCriteriaId: "058C7C4B-D692-49DE-924A-C2725A8162D3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "0F0434A5-F2A1-4973-917C-A95F2ABE97D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "96DD93E0-274E-4C36-99F3-EEF085E57655", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "86305E47-33E9-411C-B932-08C395C09982", versionEndExcluding: "9.2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", matchCriteriaId: "1FD765AD-DEE4-41C5-9746-A2294D5F21C7", versionEndIncluding: "8.0.25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", matchCriteriaId: "D04565AE-D092-4AE0-8FEE-0E8114662A1B", versionEndExcluding: "20.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", matchCriteriaId: "C8AF00C6-B97F-414D-A8DF-057E6BFD8597", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], 
negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.", }, { lang: "es", value: "Node.js versiones anteriores a 10.24.0, 12.21.0, 14.16.0 y 15.10.0, es vulnerable a unos ataques de reenlace de DNS, ya que la lista blanca incluye “localhost6”. Cuando “localhost6” no está presente en el archivo /etc/hosts, es solo un dominio ordinario que es resuelto por medio de DNS, es decir, a través de la red. Si el atacante controla el servidor DNS de la víctima o puede falsificar sus respuestas, la protección de reenlace de DNS se puede omitir usando el dominio \"localhost6\". 
Siempre que el atacante use el dominio \"localhost6\", aún puede aplicar el ataque descrito en el CVE-2018-7160", }, ], id: "CVE-2021-22884", lastModified: "2024-11-21T05:50:50.180", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-03T18:15:14.957", references: [ { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "support@hackerone.com", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://hackerone.com/reports/1069487", }, { source: "support@hackerone.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/", }, { source: "support@hackerone.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/", }, { source: "support@hackerone.com", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/", }, { source: "support@hackerone.com", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/", }, { source: "support@hackerone.com", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/#node-js-inspector-dns-rebinding-vulnerability-cve-2018-7160", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210416-0001/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210723-0001/", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://hackerone.com/reports/1069487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/#node-js-inspector-dns-rebinding-vulnerability-cve-2018-7160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210416-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210723-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-350", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-15 17:15
Modified
2024-11-21 05:25
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*", matchCriteriaId: "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*", matchCriteriaId: "8836399B-AA1F-45DB-A423-B41A93A14281", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "89175649-A3CE-4A15-B875-C93D289F8307", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "665B33FE-52FE-4E17-8A80-D61656C49900", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:*", matchCriteriaId: "405536FF-8BB9-4926-97E3-61BAA3A75E08", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:*", matchCriteriaId: "52496989-B639-4E8E-8319-D5D9FE5B30DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A7FB7666-E40E-45A6-9F87-A51B9D7E8EBB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4BF92693-510C-48A4-ABFC-AD975DB971CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "FC88059E-CCFD-4AFD-9982-41DF225FB840", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*", matchCriteriaId: "465CFA59-8E94-415A-ACF0-E678826813BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*", matchCriteriaId: "85BDC28A-484B-4D14-8D68-890450DCE3F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "635DEFDD-4840-48C6-AB1C-ADAFF4A1E50C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*", matchCriteriaId: "40A221DB-1684-4C87-B576-0969FE13E1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DE6A1B86-3688-4A13-AB37-DBD0DA323202", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "17E0085B-4748-4F79-BEF6-CD9C3D2E6FE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*", matchCriteriaId: "FD3A4AFB-8D76-4B16-A306-2A10F23E51EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1704C904-6E0A-4972-BC94-326D8BC6315A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: 
"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "106FDF5A-D377-4E5F-8BF9-09290019C98A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: 
"BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*", matchCriteriaId: "3275348E-0FAF-4DC1-94A6-B53014659D49", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). 
Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Security). Las versiones compatibles que están afectadas son Java SE: 7u241, 8u231, 11.0.5 y 13.0.1; Java SE Embedded: 8u231. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de Kerberos comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox (en Java SE versión 8), que cargan y ejecutan código no confiable (por ejemplo, código que proviene de la Internet) y dependen del sandbox de Java para la seguridad. 
Esta vulnerabilidad también puede ser explotada mediante el uso de la API en el componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Puntuación Base 3.7 (Impactos en la Integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], id: "CVE-2020-2590", lastModified: "2024-11-21T05:25:39.373", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-15T17:15:19.613", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "secalert_us@oracle.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: 
"https://seclists.org/bugtraq/2020/Jan/24", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], 
url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4257-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: 
"https://www.oracle.com/security-alerts/cpujan2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-12 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
redhat | enterprise_linux | 8.0 | |
fedoraproject | fedora | 34 | |
netapp | active_iq_unified_manager | - | |
netapp | e-series_performance_analyzer | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", matchCriteriaId: "66BC7206-28E1-4A23-9701-78ABEA79D0C5", versionEndExcluding: "3.7.1", versionStartIncluding: "3.6.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.", }, { lang: "es", value: "Se encontró un defecto en gnutls. 
Un uso de la memoria previamente liberada en el cliente que envía la extensión key_share puede conllevar a una corrupción de la memoria y otras consecuencias", }, ], id: "CVE-2021-20231", lastModified: "2024-11-21T05:46:10.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-12T19:15:13.037", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E", }, { source: "secalert@redhat.com", url: 
"https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210416-0005/", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210416-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-01 15:15
Modified
2024-11-21 05:59
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:eclipse:jetty:9.4.37:20210219:*:*:*:*:*:*", matchCriteriaId: "E55D7BBC-875B-4AF6-8298-AE3DE6A4EBEF", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:9.4.38:20210224:*:*:*:*:*:*", matchCriteriaId: "4F8A8973-E774-4C85-8EA7-A98C5B77E2DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "73F81EC3-4AB0-4CD7-B845-267C5974DE98", versionEndIncluding: "11.70.1", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*", matchCriteriaId: "214712B6-59AF-4B5E-84BF-AF3C74A390EA", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "DC01D8F3-291A-44E5-99C1-6771F6656E0E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "D5D73B53-9750-4844-A767-21F8A0CEE0B3", versionStartIncluding: "9.6", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", matchCriteriaId: "0C0FF89C-3DC1-4FF4-9447-128028EEA80B", versionStartIncluding: "9.6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "FF852A4C-7818-408D-A46B-2F4EE1AB8895", versionStartIncluding: "9.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*", matchCriteriaId: "7CBFC93F-8B39-45A2-981C-59B187169BD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0843465C-F940-4FFC-998D-9A2668B75EA0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1FDBAD8E-C926-4D6F-9FD2-B0428980D6DF", versionEndIncluding: "8.2.4", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "BEAB4771-C33C-4151-AEAE-A6D2C892C3C8", versionEndIncluding: "21.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. 
For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.", }, { lang: "es", value: "En Eclipse Jetty versiones 9.4.37.v20210219 hasta 9.4.38.v20210224, el modo de cumplimiento predeterminado permite a unas peticiones con URI que contienen segmentos %2e o %2e%2e acceder a recursos protegidos dentro del directorio WEB-INF. Por ejemplo, una petición a /context/%2e/WEB-INF/web.xml puede recuperar el archivo web.xml. Esto puede divulgar información confidencial sobre la implementación de una aplicación web.", }, ], id: "CVE-2021-28164", lastModified: "2024-11-21T05:59:13.460", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "emo@eclipse.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", 
version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-01T15:15:14.157", references: [ { source: "emo@eclipse.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html", }, { source: "emo@eclipse.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: 
"https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E", }, { source: "emo@eclipse.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { source: "emo@eclipse.org", tags: [ "Not 
Applicable", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "emo@eclipse.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, { lang: "en", value: "CWE-551", }, ], source: "emo@eclipse.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-27 13:15
Modified
2024-11-21 04:56
Summary
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/grafana/grafana/blob/master/CHANGELOG.md | Release Notes, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20200810-0002/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/grafana/grafana/blob/master/CHANGELOG.md | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200810-0002/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
grafana | grafana | * | |
netapp | e-series_performance_analyzer | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "84470D6D-BEC1-4BA8-A388-745D01973F70", versionEndIncluding: "6.7.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.", }, { lang: "es", value: "Grafana hasta la versión 6.7.1 permite un ataque de tipo XSS almacenado debido a la insuficiente protección de entrada en el campo originalUrl, lo que permite a un atacante inyectar código JavaScript que se ejecutará después de hacer clic en Open Original Dashboard después de visitar la instantánea", }, ], id: "CVE-2020-11110", lastModified: "2024-11-21T04:56:48.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-27T13:15:11.293", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200810-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200810-0002/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "84457AF5-BF82-449E-8576-F34DD338BBE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6E5E08E5-823D-4F57-BA0A-603F8E680419", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89D95157-3487-4421-A5E3-801B987625B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "A8ADAA7A-7951-40D7-B1B1-78944D954209", versionEndIncluding: "11.0.6", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA", versionEndIncluding: "13.0.2", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: 
"C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: 
"E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: 
"568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: 
"18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: 
"0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: 
"2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*", matchCriteriaId: "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: 
"64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: JSSE). Las versiones compatibles que están afectadas son Java SE: 11.0.6 y 14. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de HTTPS comprometer a Java SE. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, así como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE. Nota: Se aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox. También puede ser explotada al proporcionar datos a las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuación Base 4.8 (Impactos de la confidencialidad y la integridad). 
Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], id: "CVE-2020-2767", lastModified: "2024-11-21T05:26:12.807", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T14:15:26.187", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third 
Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-21 15:15
Modified
2024-11-21 05:04
Severity
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | jdk | 1.7.0 | |
oracle | jdk | 1.8.0 | |
oracle | jdk | 11.0.8 | |
oracle | jdk | 15 | |
oracle | jre | 1.8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
netapp | active_iq_unified_manager | * | |
netapp | active_iq_unified_manager | * | |
netapp | e-series_performance_analyzer | - | |
netapp | e-series_santricity_management_plug-ins | - | |
netapp | e-series_santricity_os_controller | * | |
netapp | e-series_santricity_storage_manager | - | |
netapp | e-series_santricity_web_services_proxy | - | |
netapp | oncommand_insight | - | |
netapp | oncommand_workflow_automation | - | |
netapp | santricity_unified_manager | - | |
netapp | steelstore_cloud_integrated_storage | - | |
mcafee | epolicy_orchestrator | 5.9.0 | |
mcafee | epolicy_orchestrator | 5.9.1 | |
mcafee | epolicy_orchestrator | 5.10.0 | |
mcafee | epolicy_orchestrator | 5.10.0 | |
mcafee | epolicy_orchestrator | 5.10.0 | |
mcafee | epolicy_orchestrator | 5.10.0 | |
mcafee | epolicy_orchestrator | 5.10.0 | |
mcafee | epolicy_orchestrator | 5.10.0 | |
mcafee | epolicy_orchestrator | 5.10.0 | |
opensuse | leap | 15.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*", matchCriteriaId: "3D07DCC8-4D24-4B8F-B72E-83DC311BD683", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*", matchCriteriaId: "AAC508A2-CF8A-4037-87C8-B87E19ABC644", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*", matchCriteriaId: "41F90A96-7F92-4DB8-9B76-BA558FDF9BBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*", matchCriteriaId: "F3917541-7ACF-4033-86EC-DB54938DBF41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*", matchCriteriaId: "240E3859-040C-4E94-806C-E40E9E2C5EA2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", matchCriteriaId: "280520BC-070C-4423-A633-E6FE45E53D57", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: 
"AFA6AD29-34C2-4FEC-9585-C42C6615C6CC", versionEndIncluding: "11.60.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*", matchCriteriaId: "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "106FDF5A-D377-4E5F-8BF9-09290019C98A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", 
matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries). 
Las versiones compatibles que están afectadas son Java SE: 7u271, 8u261, 11.0.8 y 15; Java SE Embedded: 8u261. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en la actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, Java SE Embedded. Nota: Aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets de Java en sandbox. También puede ser explotada al suministrar datos a las API en el Componente especificado sin utilizar aplicaciones Java Web Start en sandbox o applets de Java en sandbox, como mediante un servicio web. CVSS 3.1 Puntuación Base 3.7 (Impactos de la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)", }, ], id: "CVE-2020-14782", lastModified: "2024-11-21T05:04:08.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: 
"secalert_us@oracle.com", type: "Secondary", }, ], }, published: "2020-10-21T15:15:18.517", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ 
{ description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-03 19:15
Modified
2024-11-21 05:01
Severity
Summary
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
grafana | grafana | * | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
netapp | e-series_performance_analyzer | - | |
opensuse | leap | 15.2 | |
opensuse | backports_sle | 15.0 | |
opensuse | backports_sle | 15.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "3D50C8C6-6B30-44A6-8F1E-6915B9C19BEA", versionEndIncluding: "7.0.1", versionStartIncluding: "3.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", matchCriteriaId: "40513095-7E6E-46B3-B604-C926F1BA3568", vulnerable: true, }, { criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", matchCriteriaId: "67E82302-4B77-44F3-97B1-24C18AC4A35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. 
Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.", }, { lang: "es", value: "La funcionalidad avatar en Grafana versiones 3.0.1 hasta 7.0.1, presenta un problema de Control de Acceso Incorrecto de tipo SSRF. Esta vulnerabilidad permite que cualquier usuario y cliente no autenticado haga que Grafana envíe peticiones HTTP hacia cualquier URL y devuelva su resultado al usuario y cliente. Esto puede ser utilizado para conseguir información sobre la red en la que Grafana se está ejecutando. Además, pasar objetos URL inválidos podría ser usado para DOS'ing Grafana a través de SegFault", }, ], id: "CVE-2020-13379", lastModified: "2024-11-21T05:01:08.160", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T19:15:10.737", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/06/03/4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/06/09/2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://community.grafana.com/t/release-notes-v7-0-x/29381", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4%40%3Cdev.ambari.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933%40%3Cdev.ambari.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60%40%3Cissues.ambari.apache.org%3E", }, { source: "cve@mitre.org", 
url: "https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2%40%3Cdev.ambari.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd%40%3Cissues.ambari.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da%40%3Cissues.ambari.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d%40%3Cdev.ambari.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90%40%3Cdev.ambari.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820%40%3Ccommits.ambari.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13%40%3Cissues.ambari.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31%40%3Cdev.ambari.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2%40%3Cdev.ambari.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://mostwanted002.cf/post/grafanados/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: 
"https://rhynorater.github.io/CVE-2020-13379-Write-Up", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/06/03/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/06/09/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://community.grafana.com/t/release-notes-v7-0-x/29381", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4%40%3Cdev.ambari.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933%40%3Cdev.ambari.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60%40%3Cissues.ambari.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2%40%3Cdev.ambari.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd%40%3Cissues.ambari.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da%40%3Cissues.ambari.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d%40%3Cdev.ambari.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90%40%3Cdev.ambari.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820%40%3Ccommits.ambari.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13%40%3Cissues.ambari.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31%40%3Cdev.ambari.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2%40%3Cdev.ambari.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://mostwanted002.cf/post/grafanados/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://rhynorater.github.io/CVE-2020-13379-Write-Up", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0006/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-15 18:15
Modified
2024-11-21 05:03
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*", matchCriteriaId: "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "FF39F7B1-6571-4BF6-A58F-4A6801636217", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "D2DD43D4-AF2E-41DF-90C0-F899C624430E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "106FDF5A-D377-4E5F-8BF9-09290019C98A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*", matchCriteriaId: "D9EEA681-67FF-43B3-8610-0FA17FD279E5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*", matchCriteriaId: "C33BA8EA-793D-4E79-BE9C-235ACE717216", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Java SE: 7u261 y 8u251; Java SE Embedded: 8u251. La vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso de red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. 
Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegación de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Aplica a la implementación del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start en sandbox y applets de Java en sandbox. También puede ser explotada mediante el suministro de datos a las API en el Componente especificado sin utilizar aplicaciones de Java Web Start en sandbox o applets de Java en sandbox, como por medio de un servicio web. CVSS 3.1 Puntuación Base 3.7 (Impactos de la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)", }, ], id: "CVE-2020-14578", lastModified: "2024-11-21T05:03:35.600", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: 
"UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-07-15T18:15:23.833", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202008-24", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202008-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*", matchCriteriaId: "E3B8B378-3211-4E63-873D-A05574B39E14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*", matchCriteriaId: "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "84457AF5-BF82-449E-8576-F34DD338BBE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update_251:*:*:*:*:*:*", matchCriteriaId: "8F257E03-5BA1-4743-983A-6C08F8572FFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update_241:*:*:*:*:*:*", matchCriteriaId: "C49049F7-8BA7-4787-8C55-CABFAB6BC0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6E5E08E5-823D-4F57-BA0A-603F8E680419", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89D95157-3487-4421-A5E3-801B987625B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "A8ADAA7A-7951-40D7-B1B1-78944D954209", versionEndIncluding: "11.0.6", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA", versionEndIncluding: "13.0.2", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: 
"AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: 
"72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: 
"AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: 
"59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: 
"0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: 
"78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: 
"E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*", matchCriteriaId: "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC", versionEndIncluding: "11.60.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", 
matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", 
vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*", matchCriteriaId: "21BCD926-8CE6-4954-891E-05154C9691A1", versionEndExcluding: "2.3.1", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:-:*:*:*:*:*:*", matchCriteriaId: "29DB881A-6CB1-46FD-93F2-A4FD277B9132", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix1:*:*:*:*:*:*", matchCriteriaId: "C397BB56-6B67-4625-BACB-47C667FB0452", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix2:*:*:*:*:*:*", matchCriteriaId: "AA663385-DB25-4CD2-AC7D-FB501B37AFA4", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A0F26126-55C2-4E2E-A586-D93FF38ABF6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Concurrency). Las versiones compatibles que están afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad explotable fácilmente permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegación de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Se aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox. También puede ser explotada al proporcionar datos hacia las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. 
CVSS 3.0 Puntuación Base 5.3 (Impactos de la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2020-2830", lastModified: "2024-11-21T05:26:23.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T14:15:29.950", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", 
}, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202006-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-01 15:15
Modified
2024-11-21 05:59
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "AF634A17-7602-4D5A-B28C-A3D123D55BDD", versionEndExcluding: "9.4.39", versionStartIncluding: "9.4.32", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "334FAEF6-CEC6-445F-B52D-7FF38CDB9F79", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "129017B0-7465-4F75-8C30-B9A5DBC1DE9F", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:11.0.0:-:*:*:*:*:*:*", matchCriteriaId: "52F4E0D3-9709-4073-9DE0-F36CDD3DB62F", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "5DF6B532-FC1B-429A-B06F-0361ED12CB2E", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:11.0.0:beta3:*:*:*:*:*:*", matchCriteriaId: "F6AF5EF3-8153-4768-8771-13448DE625B5", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:11.0.1:*:*:*:*:*:*:*", matchCriteriaId: "76EC004C-0BE9-46E1-86AE-391B27C6AE79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*", matchCriteriaId: "77A86E91-044C-44A0-9AD4-B4B2AD6723BC", versionEndExcluding: "2.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:solr:8.8.1:*:*:*:*:*:*:*", matchCriteriaId: "42672AEA-5920-4951-ADCF-5D5AA4AB4A77", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { 
cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569", versionEndIncluding: "11.70.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*", matchCriteriaId: "214712B6-59AF-4B5E-84BF-AF3C74A390EA", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "DC01D8F3-291A-44E5-99C1-6771F6656E0E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "D5D73B53-9750-4844-A767-21F8A0CEE0B3", versionStartIncluding: "9.6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", matchCriteriaId: "0C0FF89C-3DC1-4FF4-9447-128028EEA80B", versionStartIncluding: "9.6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "FF852A4C-7818-408D-A46B-2F4EE1AB8895", versionStartIncluding: "9.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { 
criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*", matchCriteriaId: "7CBFC93F-8B39-45A2-981C-59B187169BD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0843465C-F940-4FFC-998D-9A2668B75EA0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "19EEAA04-A7BD-4FFF-8B0B-CEE5EC09F75C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9B7C949D-0AB3-4566-9096-014C82FC1CF1", versionEndIncluding: "8.2.4.0", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3E419C70-9516-4C63-997B-60B20E30A30D", versionEndIncluding: "8.2.4.0", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "BEAB4771-C33C-4151-AEAE-A6D2C892C3C8", versionEndIncluding: "21.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps 
directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.", }, { lang: "es", value: "En Eclipse Jetty versiones 9.4.32 hasta 9.4.38, versiones 10.0.0.beta2 hasta 10.0.1 y versiones 11.0.0.beta2 hasta 11.0.1, si un usuario usa un directorio de aplicaciones web que es un enlace simbólico, el contenido del directorio de aplicaciones web se implementa como una aplicación web estática, sin darse cuenta, sirviendo las aplicaciones web en sí y cualquier otra cosa que pueda estar en ese directorio.", }, ], id: "CVE-2021-28163", lastModified: "2024-11-21T05:59:12.987", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "emo@eclipse.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, 
impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-01T15:15:14.080", references: [ { source: "emo@eclipse.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: 
"https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E", }, { source: "emo@eclipse.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/", }, { source: "emo@eclipse.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/", }, { source: "emo@eclipse.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/", }, { source: "emo@eclipse.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { source: 
"emo@eclipse.org", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "emo@eclipse.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "emo@eclipse.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-15 18:15
Modified
2024-11-21 05:03
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*", matchCriteriaId: "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "FF39F7B1-6571-4BF6-A58F-4A6801636217", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8D034E25-195A-4926-9FEC-A2B9F01E0CFC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "D2DD43D4-AF2E-41DF-90C0-F899C624430E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "106FDF5A-D377-4E5F-8BF9-09290019C98A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*", matchCriteriaId: "D9EEA681-67FF-43B3-8610-0FA17FD279E5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*", matchCriteriaId: "C33BA8EA-793D-4E79-BE9C-235ACE717216", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, 
}, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", matchCriteriaId: "0A4D418D-B526-46B9-B439-E1963BF88C0A", vulnerable: true, }, { 
criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: JAXP). 
Las versiones compatibles que están afectadas son Java SE: 7u261, 8u251, 11.0.7 y 14.0.1; Java SE Embedded: 8u251. La vulnerabilidad explotable fácilmente permite a un atacante no autenticado con acceso de red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, insertar o eliminar el acceso a algunos de los datos accesibles Java SE, Java SE Embedded. Nota: Esta vulnerabilidad solo puede ser explotada al proporcionar datos a las API en el Componente especificado sin usar aplicaciones Java Web Start No Confiables o applets Java No Confiables, tales como a través de un servicio web. CVSS 3.1 Puntuación Base 5.3 (Impactos de la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)", }, ], id: "CVE-2020-14621", lastModified: "2024-11-21T05:03:42.337", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, 
baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-07-15T18:15:27.380", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "secalert_us@oracle.com", url: "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { source: "secalert_us@oracle.com", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202008-24", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4433-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202008-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4433-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", 
value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Severity
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "84457AF5-BF82-449E-8576-F34DD338BBE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6E5E08E5-823D-4F57-BA0A-603F8E680419", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89D95157-3487-4421-A5E3-801B987625B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "A8ADAA7A-7951-40D7-B1B1-78944D954209", versionEndIncluding: "11.0.6", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA", versionEndIncluding: "13.0.2", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: 
"C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: 
"E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: 
"568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: 
"18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: 
"0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: 
"2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*", matchCriteriaId: "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: 
"64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. 
Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: JSSE). Las versiones compatibles que están afectadas son Java SE: 11.0.6 y 14. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de HTTPS comprometer a Java SE. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE. Nota: Se aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox. También puede ser explotada al proporcionar datos hacia las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuación Base 3.7 (Impactos de la confidencialidad). 
Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], id: "CVE-2020-2778", lastModified: "2024-11-21T05:26:14.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T14:15:26.843", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: 
"https://usn.ubuntu.com/4337-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4337-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-15 18:15
Modified
2024-11-21 05:03
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*", matchCriteriaId: "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "FF39F7B1-6571-4BF6-A58F-4A6801636217", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8D034E25-195A-4926-9FEC-A2B9F01E0CFC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*", matchCriteriaId: "D2DD43D4-AF2E-41DF-90C0-F899C624430E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "106FDF5A-D377-4E5F-8BF9-09290019C98A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*", matchCriteriaId: "D9EEA681-67FF-43B3-8610-0FA17FD279E5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*", matchCriteriaId: "C33BA8EA-793D-4E79-BE9C-235ACE717216", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { 
criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "B64FC591-5854-4480-A6E2-5E953C2415B3", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: 
"A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", matchCriteriaId: "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: 2D). Las versiones compatibles que están afectadas son Java SE: 8u251, 11.0.7 y 14.0.1; Java SE Embedded: 8u251. La vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso de red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded. Nota: Aplica a la implementación del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start en sandbox y applets de Java en sandbox. También puede ser explotada mediante el suministro de datos a las API en el Componente especificado sin utilizar aplicaciones de Java Web Start en sandbox o applets de Java en sandbox, como por medio de un servicio web. CVSS 3.1 Puntuación Base 3.7 (Impactos de la Confidencialidad). 
Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)", }, ], id: "CVE-2020-14581", lastModified: "2024-11-21T05:03:36.143", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-07-15T18:15:24.083", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { source: "secalert_us@oracle.com", tags: [ 
"Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4433-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party 
Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4433-1/", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4453-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-24 16:15
Modified
2024-11-21 06:23
Severity
Summary
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | glibc | * | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
debian | debian_linux | 10.0 | |
netapp | e-series_performance_analyzer | - | |
netapp | nfs_plug-in | * | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", matchCriteriaId: "580654C1-5047-40F4-9518-2AACF59AC357", versionEndExcluding: "2.31", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:nfs_plug-in:*:*:*:*:*:vmware_vaai:*:*", matchCriteriaId: "67C3FDD1-BB06-4F30-BA15-4AA98212CB8B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: 
"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.", }, { lang: "es", value: "Se ha encontrado un fallo en glibc. 
Un desbordamiento y subdesbordamiento de búfer en la función getcwd() puede conllevar a una corrupción de memoria cuando el tamaño del búfer es exactamente 1. Un atacante local que pueda controlar el búfer de entrada y el tamaño pasado a getcwd() en un programa setuid podría usar este fallo para ejecutar potencialmente código arbitrario y escalar sus privilegios en el sistema.", }, ], id: "CVE-2021-3999", lastModified: "2024-11-21T06:23:20.937", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-24T16:15:09.077", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2021-3999", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2024637", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-3999", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221104-0001/", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28769", }, { source: "secalert@redhat.com", url: "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e", }, { source: "secalert@redhat.com", 
tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/01/24/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2021-3999", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2024637", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-3999", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221104-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28769", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/01/24/4", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-193", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-193", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
cve-2022-45061
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2024-08-03 14:01
Severity
EPSS score
Summary
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
cve-2021-27219
Vulnerability from cvelistv5
Published
2021-02-15 16:27
Modified
2024-08-03 20:40
Summary
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
References
URL | Tags
---|---
https://gitlab.gnome.org/GNOME/glib/-/issues/2319 | x_refsource_MISC
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | mailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/ | vendor-advisory, x_refsource_FEDORA
https://security.netapp.com/advisory/ntap-20210319-0004/ | x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/ | vendor-advisory, x_refsource_FEDORA
https://security.gentoo.org/glsa/202107-13 | vendor-advisory, x_refsource_GENTOO
https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html | mailing-list, x_refsource_MLIST
cve-2020-2585
Vulnerability from cvelistv5
Published
2020-01-15 16:34
Modified
2024-09-30 16:31
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
URL | Tags
---|---
https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200122-0003/ | x_refsource_CONFIRM
https://security.gentoo.org/glsa/202006-22 | vendor-advisory, x_refsource_GENTOO
https://security.gentoo.org/glsa/202209-15 | vendor-advisory, x_refsource_GENTOO
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | Java | Java SE: 8u231
cve-2021-27218
Vulnerability from cvelistv5
Published
2021-02-15 16:27
Modified
2024-08-03 20:40
Summary
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:40:47.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "FEDORA-2021-7c71cda8da", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210319-0004/", }, { name: "FEDORA-2021-7b5e2e6844", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "GLSA-202107-13", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-13", }, { name: "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-06T16:06:21", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "FEDORA-2021-7c71cda8da", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://security.netapp.com/advisory/ntap-20210319-0004/", }, { name: "FEDORA-2021-7b5e2e6844", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "GLSA-202107-13", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-13", }, { name: "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27218", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. 
If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942", refsource: "MISC", url: "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942", }, { name: "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944", refsource: "MISC", url: "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", }, { name: "FEDORA-2021-7c71cda8da", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/", }, { name: "https://security.netapp.com/advisory/ntap-20210319-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210319-0004/", }, { name: "FEDORA-2021-7b5e2e6844", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, { name: "GLSA-202107-13", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-13", }, { name: "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27218", datePublished: "2021-02-15T16:27:20", dateReserved: "2021-02-15T00:00:00", dateUpdated: "2024-08-03T20:40:47.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3999
Vulnerability from cvelistv5
Published
2022-08-24 00:00
Modified
2024-08-03 17:16
Summary
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:16:03.318Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/01/24/4", }, { tags: [ "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28769", }, { tags: [ "x_transferred", ], url: "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2024637", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2021-3999", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-3999", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221104-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "glibc", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in glibc v2.31 and above.", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. 
A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-193", description: "CWE-193 - Off-by-one Error", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://www.openwall.com/lists/oss-security/2022/01/24/4", }, { url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28769", }, { url: "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2024637", }, { url: "https://access.redhat.com/security/cve/CVE-2021-3999", }, { url: "https://security-tracker.debian.org/tracker/CVE-2021-3999", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, { url: "https://security.netapp.com/advisory/ntap-20221104-0001/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3999", datePublished: "2022-08-24T00:00:00", dateReserved: "2021-11-22T00:00:00", dateUpdated: "2024-08-03T17:16:03.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2778
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:38
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
URL | Tags |
---|---|
https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
https://security.netapp.com/advisory/ntap-20200416-0004/ | x_refsource_CONFIRM |
https://www.debian.org/security/2020/dsa-4662 | vendor-advisory, x_refsource_DEBIAN |
https://usn.ubuntu.com/4337-1/ | vendor-advisory, x_refsource_UBUNTU |
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html | vendor-advisory, x_refsource_SUSE |
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 11.0.6, 14 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.621Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2778", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:59:35.969192Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:38:23.112Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 11.0.6, 14", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. 
This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-02T14:06:15", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2778", STATE: "PUBLIC", }, affects: { vendor: { 
vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 11.0.6, 14", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2778", datePublished: "2020-04-15T13:29:45", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:38:23.112Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33587
Vulnerability from cvelistv5
Published
2021-05-28 00:00
Modified
2024-08-03 23:50
Summary
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:50:43.024Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/fb55/css-what/releases/tag/v5.0.1", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210706-0007/", }, { name: "[debian-lts-announce] 20230303 [SECURITY] [DLA 3350-1] node-css-what security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00001.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-03T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/fb55/css-what/releases/tag/v5.0.1", }, { url: "https://security.netapp.com/advisory/ntap-20210706-0007/", }, { name: "[debian-lts-announce] 20230303 [SECURITY] [DLA 3350-1] node-css-what security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00001.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-33587", datePublished: "2021-05-28T00:00:00", dateReserved: "2021-05-27T00:00:00", dateUpdated: "2024-08-03T23:50:43.024Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-23383
Vulnerability from cvelistv5
Published
2021-05-04 08:35
Modified
2024-09-16 19:15
Summary
The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
References
URL | Tags |
---|---|
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 | x_refsource_MISC |
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029 | x_refsource_MISC |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030 | x_refsource_MISC |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031 | x_refsource_MISC |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032 | x_refsource_MISC |
https://security.netapp.com/advisory/ntap-20210618-0007/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | handlebars | unspecified < 4.7.7 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:05:55.702Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210618-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "handlebars", vendor: "n/a", versions: [ { lessThan: "4.7.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Francois Lajeunesse-Robert", }, ], datePublic: "2021-05-04T00:00:00", descriptions: [ { lang: "en", value: "The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "PROOF_OF_CONCEPT", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.1, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { 
description: "Prototype Pollution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-18T09:06:21", orgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", shortName: "snyk", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427", }, { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029", }, { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030", }, { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031", }, { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210618-0007/", }, ], title: "Prototype Pollution", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "report@snyk.io", DATE_PUBLIC: "2021-05-04T08:32:26.698346Z", ID: "CVE-2021-23383", STATE: "PUBLIC", TITLE: "Prototype Pollution", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "handlebars", version: { version_data: [ { version_affected: "<", version_value: "4.7.7", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, credit: [ { lang: "eng", value: "Francois Lajeunesse-Robert", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", version: "3.1", }, 
}, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Prototype Pollution", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427", refsource: "MISC", url: "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427", }, { name: "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029", refsource: "MISC", url: "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029", }, { name: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030", refsource: "MISC", url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030", }, { name: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031", refsource: "MISC", url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031", }, { name: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032", refsource: "MISC", url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032", }, { name: "https://security.netapp.com/advisory/ntap-20210618-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210618-0007/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", assignerShortName: "snyk", cveId: "CVE-2021-23383", datePublished: "2021-05-04T08:35:21.209216Z", dateReserved: "2021-01-08T00:00:00", dateUpdated: "2024-09-16T19:15:14.519Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2590
Vulnerability from cvelistv5
Published
2020-01-15 16:34
Modified
2024-09-30 16:30
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 7u241, 8u231, 11.0.5, 13.0.1; Java SE Embedded: 8u231 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:09:54.836Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2590", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:04:44.827068Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T16:30:10.889Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { 
product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { status: "affected", version: "Java SE Embedded: 8u231", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:15", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, 
{ name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2590", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u231", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). 
Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { name: "https://security.netapp.com/advisory/ntap-20200122-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] 
openjdk-8 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2590", datePublished: "2020-01-15T16:34:02", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T16:30:10.889Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22884
Vulnerability from cvelistv5
Published
2021-03-03 17:37
Modified
2024-08-03 18:58
Summary
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | https://github.com/nodejs/node | Fixed in 10.24.0, 12.21.0, 14.16.0, 15.10.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:58:24.766Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1069487", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/#node-js-inspector-dns-rebinding-vulnerability-cve-2018-7160", }, { name: "FEDORA-2021-a760169c3c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/", }, { name: "FEDORA-2021-f6bd75e9d4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/", }, { name: "FEDORA-2021-6aaba80ba2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210416-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210723-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/nodejs/node", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in 10.24.0, 12.21.0, 14.16.0, 15.10.0", }, ], }, ], descriptions: [ { lang: "en", value: "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-350", description: "Reliance on Reverse DNS Resolution for a Security-Critical Action (CWE-350)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-08T14:08:07", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1069487", }, { tags: [ "x_refsource_MISC", ], url: "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/", }, { tags: [ "x_refsource_MISC", ], url: "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/#node-js-inspector-dns-rebinding-vulnerability-cve-2018-7160", }, { name: "FEDORA-2021-a760169c3c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/", }, { name: "FEDORA-2021-f6bd75e9d4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/", }, { name: "FEDORA-2021-6aaba80ba2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210416-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210723-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2021-22884", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "https://github.com/nodejs/node", version: { version_data: [ { version_value: "Fixed in 10.24.0, 12.21.0, 14.16.0, 15.10.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. 
As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Reliance on Reverse DNS Resolution for a Security-Critical Action (CWE-350)", }, ], }, ], }, references: { reference_data: [ { name: "https://hackerone.com/reports/1069487", refsource: "MISC", url: "https://hackerone.com/reports/1069487", }, { name: "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/", refsource: "MISC", url: "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/", }, { name: "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/#node-js-inspector-dns-rebinding-vulnerability-cve-2018-7160", refsource: "MISC", url: "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/#node-js-inspector-dns-rebinding-vulnerability-cve-2018-7160", }, { name: "FEDORA-2021-a760169c3c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/", }, { name: "FEDORA-2021-f6bd75e9d4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/", }, { name: "FEDORA-2021-6aaba80ba2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210416-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210416-0001/", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: 
"https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210723-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210723-0001/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2021-22884", datePublished: "2021-03-03T17:37:46", dateReserved: "2021-01-06T00:00:00", dateUpdated: "2024-08-03T18:58:24.766Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11110
Vulnerability from cvelistv5
Published
2020-07-27 12:48
Modified
2024-08-04 11:21
Summary
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
References
URL | Tags |
---|---|
https://github.com/grafana/grafana/blob/master/CHANGELOG.md | x_refsource_MISC |
https://security.netapp.com/advisory/ntap-20200810-0002/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:21:14.729Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200810-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-10T11:06:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200810-0002/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-11110", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.", }, ], }, problemtype: { 
problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md", refsource: "MISC", url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md", }, { name: "https://security.netapp.com/advisory/ntap-20200810-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200810-0002/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-11110", datePublished: "2020-07-27T12:48:30", dateReserved: "2020-03-30T00:00:00", dateUpdated: "2024-08-04T11:21:14.729Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2593
Vulnerability from cvelistv5
Published
2020-01-15 16:34
Modified
2024-09-30 16:29
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 7u241, 8u231, 11.0.5, 13.0.1 |
Oracle Corporation | Java | Java SE Embedded: 8u231 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:09:54.836Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "RHSA-2020:0465", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { name: "RHSA-2020:0470", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { name: "RHSA-2020:0467", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { name: "RHSA-2020:0469", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { name: "RHSA-2020:0468", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ 
"x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2593", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:04:39.425813Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T16:29:29.014Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { status: "affected", version: "Java SE Embedded: 8u231", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:18", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", 
"x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "RHSA-2020:0465", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { name: "RHSA-2020:0470", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { name: "RHSA-2020:0467", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { name: "RHSA-2020:0469", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { name: "RHSA-2020:0468", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: 
"https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2593", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u231", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { name: "https://security.netapp.com/advisory/ntap-20200122-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4257-1/", }, { name: "RHSA-2020:0465", refsource: "REDHAT", 
url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { name: "RHSA-2020:0470", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { name: "RHSA-2020:0467", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { name: "RHSA-2020:0469", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { name: "RHSA-2020:0468", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { name: "DSA-4621", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2593", datePublished: "2020-01-15T16:34:02", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T16:29:29.014Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2816
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-27 19:08
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
URL | Tags |
---|---|
https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
https://security.netapp.com/advisory/ntap-20200416-0004/ | x_refsource_CONFIRM |
https://www.debian.org/security/2020/dsa-4662 | vendor-advisory, x_refsource_DEBIAN |
https://usn.ubuntu.com/4337-1/ | vendor-advisory, x_refsource_UBUNTU |
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html | vendor-advisory, x_refsource_SUSE |
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 11.0.6, 14 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.771Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2816", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:54:00.321524Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T19:08:23.886Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 11.0.6, 14", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. 
Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-02T14:06:12", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2816", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { 
product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 11.0.6, 14", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], }, impact: { cvss: { baseScore: "7.5", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2816", datePublished: "2020-04-15T13:29:47", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-27T19:08:23.886Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2781
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:05
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 7u251, 8u241, 11.0.6, 14; Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.849Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: 
"openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2781", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:57:27.440297Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:05:39.406Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:35", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: 
"openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2781", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "5.3", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2781", datePublished: "2020-04-15T13:29:46", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:05:39.406Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2756
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:41
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 7u251, 8u241, 11.0.6, 14; Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.285Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: 
"openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2756", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:00:07.558268Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:41:43.953Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:33", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: 
"openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2756", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2756", datePublished: "2020-04-15T13:29:44", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:41:43.953Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20231
Vulnerability from cvelistv5
Published
2021-03-12 18:23
Modified
2024-08-03 17:30
Summary
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.517Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10", }, { name: "FEDORA-2021-18bef34f05", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/", }, { name: "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210416-0005/", }, { name: "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gnutls", vendor: "n/a", versions: [ { status: "affected", version: "gnutls 3.7.1", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in gnutls. 
A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-30T09:06:16", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276", }, { tags: [ "x_refsource_MISC", ], url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10", }, { name: "FEDORA-2021-18bef34f05", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/", }, { name: "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210416-0005/", }, { name: "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 
3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20231", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "gnutls", version: { version_data: [ { version_value: "gnutls 3.7.1", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in gnutls. 
A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-416", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276", }, { name: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10", refsource: "MISC", url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10", }, { name: "FEDORA-2021-18bef34f05", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/", }, { name: "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E", }, { name: "https://security.netapp.com/advisory/ntap-20210416-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210416-0005/", }, { name: "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20231", datePublished: "2021-03-12T18:23:59", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.517Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14621
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:31
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:42.540Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "[xerces-j-users] 20201014 Security vulnerability in 2.12.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14621", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:53:09.488159Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:31:06.202Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { status: "affected", 
version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:38", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "[xerces-j-users] 20201014 Security vulnerability in 2.12.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14621", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "5.3", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", refsource: 
"DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202008-24", }, { name: "[xerces-j-users] 20201014 Security vulnerability in 2.12.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103@%3Cj-users.xerces.apache.org%3E", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14621", datePublished: "2020-07-15T17:34:30", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:31:06.202Z", 
state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14581
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:37
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:41.868Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14581", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:58:50.930753Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:37:38.551Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 8u251, 11.0.7, 14.0.1", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:46", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14581", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 8u251, 11.0.7, 14.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. 
This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14581", datePublished: "2020-07-15T17:34:28", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:37:38.551Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28164
Vulnerability from cvelistv5
Published
2021-04-01 14:20
Modified
2024-08-03 21:40
Summary
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
Impacted products
Vendor | Product | Version |
---|---|---|
The Eclipse Foundation | Eclipse Jetty | 9.4.37.v20210219 < unspecified; unspecified < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:40:12.093Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5", }, { name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E", }, { name: "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E", }, { name: "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) 
CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E", }, { name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", 
"x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { name: "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], 
url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E", }, { name: "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Eclipse Jetty", vendor: "The Eclipse Foundation", versions: [ { lessThan: "unspecified", status: "affected", version: "9.4.37.v20210219", versionType: "custom", }, { lessThanOrEqual: "9.4.38.v20210224", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. 
For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-551", description: "CWE-551", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:54:18", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5", }, { name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E", }, { name: "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E", }, { name: "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security 
vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E", }, { name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", 
"x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { name: "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in 
zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E", }, { name: "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@eclipse.org", ID: "CVE-2021-28164", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Eclipse Jetty", version: { version_data: [ { version_affected: ">=", version_value: "9.4.37.v20210219", }, { version_affected: "<=", version_value: "9.4.38.v20210224", }, ], 
}, }, ], }, vendor_name: "The Eclipse Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.", }, ], }, impact: { cvss: { baseScore: 5.3, vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, { description: [ { lang: "eng", value: "CWE-551", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5", refsource: "CONFIRM", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5", }, { name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E", }, { name: "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E", }, { name: "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty 
library CVE-2021-28163 (+5) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E", }, { name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security 
vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E", }, { name: "https://security.netapp.com/advisory/ntap-20210611-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { name: "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E", }, { name: "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", 
refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E", }, { name: "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2021-28164", datePublished: "2021-04-01T14:20:14", dateReserved: "2021-03-12T00:00:00", dateUpdated: "2024-08-03T21:40:12.093Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2755
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:41
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 8u241, 11.0.6, 14; Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.660Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", 
"x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2755", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:00:10.185809Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:41:54.140Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:51", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2755", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { 
description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: 
"https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2755", datePublished: "2020-04-15T13:29:44", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:41:54.140Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26707
Vulnerability from cvelistv5
Published
2021-06-02 14:24
Modified
2024-08-03 20:33
Summary
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.
References
URL | Tags |
---|---|
https://www.npmjs.com/package/merge-deep | x_refsource_MISC |
https://github.com/jonschlinkert/merge-deep/commit/11e5dd56de8a6aed0b1ed022089dbce6968d82a5 | x_refsource_MISC |
https://securitylab.github.com/advisories/GHSL-2020-160-merge-deep/ | x_refsource_MISC |
https://security.netapp.com/advisory/ntap-20210716-0008/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:33:40.345Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.npmjs.com/package/merge-deep", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/jonschlinkert/merge-deep/commit/11e5dd56de8a6aed0b1ed022089dbce6968d82a5", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://securitylab.github.com/advisories/GHSL-2020-160-merge-deep/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210716-0008/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. 
These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-16T10:06:37", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.npmjs.com/package/merge-deep", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/jonschlinkert/merge-deep/commit/11e5dd56de8a6aed0b1ed022089dbce6968d82a5", }, { tags: [ "x_refsource_MISC", ], url: "https://securitylab.github.com/advisories/GHSL-2020-160-merge-deep/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210716-0008/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-26707", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. 
These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.npmjs.com/package/merge-deep", refsource: "MISC", url: "https://www.npmjs.com/package/merge-deep", }, { name: "https://github.com/jonschlinkert/merge-deep/commit/11e5dd56de8a6aed0b1ed022089dbce6968d82a5", refsource: "MISC", url: "https://github.com/jonschlinkert/merge-deep/commit/11e5dd56de8a6aed0b1ed022089dbce6968d82a5", }, { name: "https://securitylab.github.com/advisories/GHSL-2020-160-merge-deep/", refsource: "MISC", url: "https://securitylab.github.com/advisories/GHSL-2020-160-merge-deep/", }, { name: "https://security.netapp.com/advisory/ntap-20210716-0008/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210716-0008/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-26707", datePublished: "2021-06-02T14:24:30", dateReserved: "2021-02-05T00:00:00", dateUpdated: "2024-08-03T20:33:40.345Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2659
Vulnerability from cvelistv5
Published
2020-01-15 16:34
Modified
2024-09-30 15:58
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 7u241, 8u231; Java SE Embedded: 8u231 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:09:54.920Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "RHSA-2020:0465", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { name: "RHSA-2020:0470", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { name: "RHSA-2020:0467", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { name: "RHSA-2020:0469", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { name: "RHSA-2020:0468", tags: [ 
"vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2659", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:02:31.237374Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:58:31.274Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u241, 8u231", }, { status: "affected", version: "Java SE Embedded: 8u231", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). 
Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:19", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "RHSA-2020:0465", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { name: "RHSA-2020:0470", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { name: "RHSA-2020:0467", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { name: "RHSA-2020:0469", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { name: "RHSA-2020:0468", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], 
url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2659", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u241, 8u231", }, { version_affected: "=", version_value: "Java SE Embedded: 8u231", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0157", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { name: "https://security.netapp.com/advisory/ntap-20200122-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0147", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0231", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4257-1/", }, { name: "RHSA-2020:0465", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { name: "RHSA-2020:0470", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { name: "RHSA-2020:0467", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { name: "RHSA-2020:0469", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { name: "RHSA-2020:0468", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { name: "DSA-4621", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", refsource: "REDHAT", url: 
"https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2659", datePublished: "2020-01-15T16:34:05", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:58:31.274Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14579
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:37
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Version: Java SE: 7u261, 8u251; Version: Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:46:35.006Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-24", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: 
"https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14579", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:58:53.726663Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:37:57.254Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u261, 8u251", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:49", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ 
"vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-24", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14579", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u261, 8u251", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", refsource: "GENTOO", url: 
"https://security.gentoo.org/glsa/202008-24", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14579", datePublished: "2020-07-15T17:34:28", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:37:57.254Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2803
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 14:48
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Version: Java SE: 7u251, 8u241, 11.0.6, 14; Version: Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.732Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: 
"openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2803", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:41:31.754667Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T14:48:44.826Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:36", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", 
"x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2803", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], }, impact: { cvss: { baseScore: "8.3", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2803", datePublished: "2020-04-15T13:29:47", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T14:48:44.826Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28165
Vulnerability from cvelistv5
Published
2021-04-01 14:20
Modified
2024-08-03 21:40
Summary
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
References
Impacted products
Vendor | Product | Version |
---|---|---|
The Eclipse Foundation | Eclipse Jetty | Version: 7.2.2 < unspecified; Version: unspecified <; Version: 10.0.0.alpha0 < unspecified; Version: unspecified <; Version: 11.0.0.alpha0 < unspecified; Version: unspecified < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:40:12.085Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w", }, { name: "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] 
arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", 
"x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b%40%3Cdev.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210407 [GitHub] 
[hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4%40%3Cissues.hbase.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da%40%3Creviews.spark.apache.org%3E", }, { name: 
"[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade 
Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c%40%3Creviews.spark.apache.org%3E", }, 
{ name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", 
tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78%40%3Ccommits.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: 
[SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97%40%3Ccommits.spark.apache.org%3E", }, { name: "[hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165 (#49)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1%40%3Ccommits.hbase.apache.org%3E", }, { name: "[pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825%40%3Cjira.kafka.apache.org%3E", }, { name: "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38%40%3Cjira.kafka.apache.org%3E", }, { name: "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E", }, { name: "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7%40%3Cjira.kafka.apache.org%3E", }, { name: "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E", }, { name: "[kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7%40%3Cdev.kafka.apache.org%3E", }, { name: 
"[kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1%40%3Cjira.kafka.apache.org%3E", }, { name: "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E", }, { name: "[oss-security] 20210420 Vulnerability in Jenkins", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/04/20/3", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ 
"mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E", }, { name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E", }, { name: "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7%40%3Creviews.spark.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] 
[Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { name: "[kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a%40%3Cjira.kafka.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { name: "DSA-4949", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4949", }, { name: "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: 
"https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Eclipse Jetty", vendor: "The Eclipse Foundation", versions: [ { lessThan: "unspecified", status: "affected", version: "7.2.2", versionType: "custom", }, { lessThanOrEqual: "9.4.38", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "10.0.0.alpha0", versionType: "custom", }, { lessThanOrEqual: "10.0.1", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "11.0.0.alpha0", versionType: "custom", }, { lessThanOrEqual: "11.0.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-551", description: "CWE-551", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:54:20", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w", }, { name: "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165", tags: [ "mailing-list", 
"x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - 
jetty-server-9.4.39 CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] 
[zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b%40%3Cdev.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", 
"x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4%40%3Cissues.hbase.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 
20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424%40%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade 
Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 
[GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78%40%3Ccommits.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6%40%3Creviews.spark.apache.org%3E", }, { name: 
"[spark-reviews] 20210408 [GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97%40%3Ccommits.spark.apache.org%3E", }, { name: "[hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225%40%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165 (#49)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1%40%3Ccommits.hbase.apache.org%3E", }, { name: "[pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825%40%3Cjira.kafka.apache.org%3E", }, { name: "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr 
commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38%40%3Cjira.kafka.apache.org%3E", }, { name: "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E", }, { name: "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7%40%3Cjira.kafka.apache.org%3E", }, { name: "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E", }, { name: "[kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1%40%3Cjira.kafka.apache.org%3E", }, { name: "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E", }, { name: "[oss-security] 20210420 Vulnerability in Jenkins", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/04/20/3", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) 
CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E", }, { name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E", }, { name: "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35%40%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7%40%3Creviews.spark.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library 
bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { name: "[kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a%40%3Cjira.kafka.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { name: "DSA-4949", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4949", }, { name: "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@eclipse.org", ID: "CVE-2021-28165", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { 
product_name: "Eclipse Jetty", version: { version_data: [ { version_affected: ">=", version_value: "7.2.2", }, { version_affected: "<=", version_value: "9.4.38", }, { version_affected: ">=", version_value: "10.0.0.alpha0", }, { version_affected: "<=", version_value: "10.0.1", }, { version_affected: ">=", version_value: "11.0.0.alpha0", }, { version_affected: "<=", version_value: "11.0.1", }, ], }, }, ], }, vendor_name: "The Eclipse Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.", }, ], }, impact: { cvss: { baseScore: 7.5, vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-400", }, ], }, { description: [ { lang: "eng", value: "CWE-551", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w", refsource: "CONFIRM", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w", }, { name: "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty 
to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e@%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959@%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b@%3Cdev.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4@%3Cissues.hbase.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a@%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81@%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for 
CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da@%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da@%3Cissues.spark.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913@%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak 
opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779@%3Creviews.spark.apache.org%3E", }, { name: "[spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424@%3Cissues.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152@%3Creviews.spark.apache.org%3E", }, { name: "[spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78@%3Ccommits.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 
[GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090@%3Creviews.spark.apache.org%3E", }, { name: "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9@%3Creviews.spark.apache.org%3E", }, { name: "[spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97@%3Ccommits.spark.apache.org%3E", }, { name: "[hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", refsource: 
"MLIST", url: "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225@%3Cissues.hbase.apache.org%3E", }, { name: "[hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165 (#49)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1@%3Ccommits.hbase.apache.org%3E", }, { name: "[pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155@%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed@%3Ccommits.pulsar.apache.org%3E", }, { name: "[kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7@%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825@%3Cjira.kafka.apache.org%3E", }, { name: "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f@%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc@%3Ccommits.pulsar.apache.org%3E", }, { name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38@%3Cjira.kafka.apache.org%3E", }, { name: "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E", }, { name: "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7@%3Cjira.kafka.apache.org%3E", }, { name: "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E", }, { name: "[kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7@%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1@%3Cjira.kafka.apache.org%3E", }, { name: "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E", }, { name: "[oss-security] 20210420 Vulnerability in Jenkins", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/04/20/3", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E", }, { name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E", }, { name: "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35@%3Creviews.spark.apache.org%3E", }, { 
name: "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7@%3Creviews.spark.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E", }, { name: "[kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a@%3Cjira.kafka.apache.org%3E", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210611-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { name: "DSA-4949", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4949", }, { name: "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library 
CVE-2021-28163 (+5) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2021-28165", datePublished: "2021-04-01T14:20:14", dateReserved: "2021-03-12T00:00:00", dateUpdated: "2024-08-03T21:40:12.085Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13118
Vulnerability from cvelistv5
Published
2019-07-01 01:27
Modified
2024-08-04 23:41
Summary
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:41:10.546Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://oss-fuzz.com/testcase-detail/5197371471822848", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210348", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210353", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210351", }, { name: "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210346", }, { name: "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/35", }, { name: "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/37", }, { name: "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/36", }, { name: "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Jul/24", }, { name: "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", 
], url: "http://seclists.org/fulldisclosure/2019/Jul/23", }, { name: "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Jul/22", }, { name: "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Jul/26", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210356", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210357", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210358", }, { name: "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/42", }, { name: "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/40", }, { name: "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/41", }, { name: "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Jul/31", }, { name: "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Jul/37", }, { name: "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Jul/38", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"https://security.netapp.com/advisory/ntap-20190806-0004/", }, { name: "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/25", }, { name: "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/22", }, { name: "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/23", }, { name: "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/21", }, { name: "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Aug/14", }, { name: "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Aug/11", }, { name: "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Aug/13", }, { name: "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Aug/15", 
}, { name: "USN-4164-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4164-1/", }, { name: "FEDORA-2019-fdf6ec39b4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/", }, { name: "[oss-security] 20191117 Nokogiri security update v1.10.5", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/11/17/2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0731", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In numbers.c in libxslt 1.1.33, a type holding 
grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T14:08:54", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", }, { tags: [ "x_refsource_MISC", ], url: "https://oss-fuzz.com/testcase-detail/5197371471822848", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210348", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210353", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210351", }, { name: "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210346", }, { name: "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/35", }, { name: "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/37", }, { name: "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/36", }, { name: "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Jul/24", }, { name: "20190723 APPLE-SA-2019-7-22-1 iOS 
12.4", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Jul/23", }, { name: "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Jul/22", }, { name: "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Jul/26", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210356", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210357", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210358", }, { name: "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/42", }, { name: "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/40", }, { name: "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/41", }, { name: "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Jul/31", }, { name: "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Jul/37", }, { name: "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Jul/38", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190806-0004/", }, { name: "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 
12.4", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/25", }, { name: "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/22", }, { name: "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/23", }, { name: "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/21", }, { name: "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Aug/14", }, { name: "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Aug/11", }, { name: "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Aug/13", }, { name: "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Aug/15", }, { name: "USN-4164-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4164-1/", }, { name: "FEDORA-2019-fdf6ec39b4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/", }, { name: "[oss-security] 20191117 Nokogiri security update v1.10.5", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/11/17/2", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0731", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-13118", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to 
xsltNumberFormatDecimal, leading to a read of uninitialized stack data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", refsource: "MISC", url: "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", }, { name: "https://oss-fuzz.com/testcase-detail/5197371471822848", refsource: "MISC", url: "https://oss-fuzz.com/testcase-detail/5197371471822848", }, { name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", refsource: "MISC", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", }, { name: "https://support.apple.com/kb/HT210348", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210348", }, { name: "https://support.apple.com/kb/HT210353", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210353", }, { name: "https://support.apple.com/kb/HT210351", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210351", }, { name: "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html", }, { name: "https://support.apple.com/kb/HT210346", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210346", }, { name: "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/35", }, { name: "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/37", }, { name: "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/36", }, { name: "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Jul/24", }, { name: "20190723 APPLE-SA-2019-7-22-1 iOS 12.4", refsource: "FULLDISC", url: 
"http://seclists.org/fulldisclosure/2019/Jul/23", }, { name: "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Jul/22", }, { name: "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Jul/26", }, { name: "https://support.apple.com/kb/HT210356", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210356", }, { name: "https://support.apple.com/kb/HT210357", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210357", }, { name: "https://support.apple.com/kb/HT210358", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210358", }, { name: "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/42", }, { name: "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/40", }, { name: "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/41", }, { name: "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Jul/31", }, { name: "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Jul/37", }, { name: "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Jul/38", }, { name: "https://security.netapp.com/advisory/ntap-20190806-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190806-0004/", }, { name: "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/25", }, { name: "20190814 APPLE-SA-2019-8-13-3 Additional 
information for APPLE-SA-2019-7-22-4 watchOS 5.3", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/22", }, { name: "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/23", }, { name: "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/21", }, { name: "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Aug/14", }, { name: "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Aug/11", }, { name: "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Aug/13", }, { name: "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Aug/15", }, { name: "USN-4164-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4164-1/", }, { name: "FEDORA-2019-fdf6ec39b4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/", }, { name: "[oss-security] 20191117 Nokogiri security update v1.10.5", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/11/17/2", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: 
"https://security.netapp.com/advisory/ntap-20200122-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0731", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-13118", datePublished: "2019-07-01T01:27:39", dateReserved: "2019-06-30T00:00:00", dateUpdated: "2024-08-04T23:41:10.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2767
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:40
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
URL | Tags |
---|---|
https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
https://security.netapp.com/advisory/ntap-20200416-0004/ | x_refsource_CONFIRM |
https://www.debian.org/security/2020/dsa-4662 | vendor-advisory, x_refsource_DEBIAN |
https://usn.ubuntu.com/4337-1/ | vendor-advisory, x_refsource_UBUNTU |
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html | vendor-advisory, x_refsource_SUSE |
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 11.0.6, 14 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.632Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2767", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:59:51.390149Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:40:08.657Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 11.0.6, 14", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-02T14:06:17", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2767", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 11.0.6, 14", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. 
Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2767", datePublished: "2020-04-15T13:29:45", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:40:08.657Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", 
dataVersion: "5.1", }
cve-2021-3449
Vulnerability from cvelistv5
Published
2021-03-25 14:25
Modified
2024-09-17 03:43
Summary
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:53:17.609Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20210325.txt", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148", }, { name: "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021", tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd", }, { name: "DSA-4875", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4875", }, { name: "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/03/27/1", }, { name: "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/03/27/2", }, { name: "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/03/28/3", }, { name: "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/03/28/4", }, { 
name: "GLSA-202103-03", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202103-03", }, { name: "FEDORA-2021-cbf14ab8f9", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-10", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-09", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210513-0002/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210326-0006/", }, { tags: [ "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-06", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-05", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10356", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013", }, { name: "[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_transferred", ], url: 
"https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)", }, ], }, ], credits: [ { lang: "en", value: "Peter Kästle (Nokia) and Samuel Sapalski (Nokia)", }, ], datePublic: "2021-03-25T00:00:00", descriptions: [ { lang: "en", value: "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#High", value: "High", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "NULL pointer dereference", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:05:57.096577", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { url: "https://www.openssl.org/news/secadv/20210325.txt", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148", }, { name: "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021", tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd", }, { name: "DSA-4875", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2021/dsa-4875", }, { name: "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/03/27/1", }, { name: "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/03/27/2", }, { name: "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/03/28/3", }, { name: "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL 
pointer deref in signature_algorithms processing", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/03/28/4", }, { name: "GLSA-202103-03", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202103-03", }, { name: "FEDORA-2021-cbf14ab8f9", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/", }, { url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { url: "https://www.tenable.com/security/tns-2021-10", }, { url: "https://www.tenable.com/security/tns-2021-09", }, { url: "https://security.netapp.com/advisory/ntap-20210513-0002/", }, { url: "https://security.netapp.com/advisory/ntap-20210326-0006/", }, { url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", }, { url: "https://www.tenable.com/security/tns-2021-06", }, { url: "https://www.tenable.com/security/tns-2021-05", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10356", }, { url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845", }, { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013", }, { name: "[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html", }, { url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "NULL pointer deref in signature_algorithms processing", }, }, 
cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2021-3449", datePublished: "2021-03-25T14:25:13.659307Z", dateReserved: "2021-03-17T00:00:00", dateUpdated: "2024-09-17T03:43:55.497Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13379
Vulnerability from cvelistv5
Published
2020-06-03 18:41
Modified
2024-08-04 12:18
Summary
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:18:17.618Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/06/03/4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://community.grafana.com/t/release-notes-v7-0-x/29381", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0006/", }, { name: "[oss-security] 20200609 Re: Grafana 6.7.4 and 7.0.2 released with fix for CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/06/09/2", }, { name: "FEDORA-2020-e6e81a03d6", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ/", }, { name: "FEDORA-2020-a09e5be0be", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO/", }, { name: "openSUSE-SU-2020:0892", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://mostwanted002.cf/post/grafanados/", }, { tags: [ "x_refsource_MISC", 
"x_transferred", ], url: "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html", }, { name: "openSUSE-SU-2020:1105", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://rhynorater.github.io/CVE-2020-13379-Write-Up", }, { name: "[ambari-issues] 20200903 [jira] [Assigned] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13%40%3Cissues.ambari.apache.org%3E", }, { name: "[ambari-issues] 20200903 [jira] [Created] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd%40%3Cissues.ambari.apache.org%3E", }, { name: "openSUSE-SU-2020:1611", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html", }, { name: "openSUSE-SU-2020:1646", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html", }, { name: "[ambari-issues] 20210121 [jira] [Updated] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60%40%3Cissues.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210121 [GitHub] [ambari] payert opened a new pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210121 [GitHub] [ambari] payert commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210121 [GitHub] [ambari] dvitiiuk commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210122 [GitHub] [ambari] payert commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210122 [GitHub] [ambari] payert opened a new pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210122 [GitHub] [ambari] dvitiiuk commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4%40%3Cdev.ambari.apache.org%3E", }, { name: 
"[ambari-commits] 20210125 [ambari] branch branch-2.7 updated: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379 (#3279)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820%40%3Ccommits.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210125 [GitHub] [ambari] payert merged pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-issues] 20210127 [jira] [Resolved] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da%40%3Cissues.ambari.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. 
Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-27T10:06:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openwall.com/lists/oss-security/2020/06/03/4", }, { tags: [ "x_refsource_MISC", ], url: "https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/", }, { tags: [ "x_refsource_MISC", ], url: "https://community.grafana.com/t/release-notes-v7-0-x/29381", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0006/", }, { name: "[oss-security] 20200609 Re: Grafana 6.7.4 and 7.0.2 released with fix for CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/06/09/2", }, { name: "FEDORA-2020-e6e81a03d6", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ/", }, { name: "FEDORA-2020-a09e5be0be", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO/", }, { name: "openSUSE-SU-2020:0892", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html", }, { tags: [ "x_refsource_MISC", ], url: "https://mostwanted002.cf/post/grafanados/", }, { tags: [ "x_refsource_MISC", ], url: 
"http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html", }, { name: "openSUSE-SU-2020:1105", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html", }, { tags: [ "x_refsource_MISC", ], url: "https://rhynorater.github.io/CVE-2020-13379-Write-Up", }, { name: "[ambari-issues] 20200903 [jira] [Assigned] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13%40%3Cissues.ambari.apache.org%3E", }, { name: "[ambari-issues] 20200903 [jira] [Created] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd%40%3Cissues.ambari.apache.org%3E", }, { name: "openSUSE-SU-2020:1611", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html", }, { name: "openSUSE-SU-2020:1646", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html", }, { name: "[ambari-issues] 20210121 [jira] [Updated] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60%40%3Cissues.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210121 [GitHub] [ambari] payert opened a new pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210121 
[GitHub] [ambari] payert commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210121 [GitHub] [ambari] dvitiiuk commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210122 [GitHub] [ambari] payert commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210122 [GitHub] [ambari] payert opened a new pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210122 [GitHub] [ambari] dvitiiuk commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-commits] 20210125 [ambari] branch branch-2.7 updated: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379 (#3279)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820%40%3Ccommits.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210125 [GitHub] [ambari] payert merged pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2%40%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-issues] 20210127 [jira] [Resolved] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da%40%3Cissues.ambari.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13379", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. 
Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://community.grafana.com/t/release-notes-v6-7-x/27119", refsource: "MISC", url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { name: "http://www.openwall.com/lists/oss-security/2020/06/03/4", refsource: "CONFIRM", url: "http://www.openwall.com/lists/oss-security/2020/06/03/4", }, { name: "https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408", refsource: "MISC", url: "https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408", }, { name: "https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/", refsource: "CONFIRM", url: "https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/", }, { name: "https://community.grafana.com/t/release-notes-v7-0-x/29381", refsource: "MISC", url: "https://community.grafana.com/t/release-notes-v7-0-x/29381", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0006/", }, { name: "[oss-security] 20200609 Re: Grafana 6.7.4 and 7.0.2 released with fix for CVE-2020-13379", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/06/09/2", }, { name: "FEDORA-2020-e6e81a03d6", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ/", }, { name: "FEDORA-2020-a09e5be0be", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO/", }, { name: "openSUSE-SU-2020:0892", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html", }, { name: "https://mostwanted002.cf/post/grafanados/", refsource: "MISC", url: "https://mostwanted002.cf/post/grafanados/", }, { name: "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html", }, { name: "openSUSE-SU-2020:1105", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html", }, { name: "https://rhynorater.github.io/CVE-2020-13379-Write-Up", refsource: "MISC", url: "https://rhynorater.github.io/CVE-2020-13379-Write-Up", }, { name: "[ambari-issues] 20200903 [jira] [Assigned] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13@%3Cissues.ambari.apache.org%3E", }, { name: "[ambari-issues] 20200903 [jira] [Created] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd@%3Cissues.ambari.apache.org%3E", }, { name: "openSUSE-SU-2020:1611", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html", }, { name: "openSUSE-SU-2020:1646", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html", }, { name: "[ambari-issues] 20210121 [jira] [Updated] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60@%3Cissues.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210121 [GitHub] [ambari] payert opened a new pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933@%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210121 [GitHub] [ambari] payert commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90@%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210121 [GitHub] [ambari] dvitiiuk commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2@%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210122 [GitHub] [ambari] payert commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31@%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210122 [GitHub] [ambari] payert opened a new pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d@%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210122 [GitHub] [ambari] dvitiiuk commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4@%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-commits] 20210125 [ambari] branch branch-2.7 updated: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379 (#3279)", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820@%3Ccommits.ambari.apache.org%3E", }, { name: "[ambari-dev] 20210125 [GitHub] [ambari] payert merged pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2@%3Cdev.ambari.apache.org%3E", }, { name: "[ambari-issues] 20210127 [jira] [Resolved] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da@%3Cissues.ambari.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13379", datePublished: "2020-06-03T18:41:09", dateReserved: "2020-05-22T00:00:00", dateUpdated: "2024-08-04T12:18:17.618Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21702
Vulnerability from cvelistv5
Published
2022-02-08 19:40
Modified
2024-08-03 02:53
Summary
Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy, trick a user into visiting this HTML page using a specially crafted link, and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or set up their own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: a Grafana HTTP-based datasource is configured with Server as Access Mode and a URL set, the attacker is in control of the HTTP server serving the URL of that datasource, and a specially crafted link pointing at the attacker-controlled data source is clicked on by an authenticated user. For the plugin proxy: a Grafana HTTP-based app plugin is configured and enabled with a URL set, the attacker is in control of the HTTP server serving the URL of that app, and a specially crafted link pointing at the attacker-controlled plugin is clicked on by an authenticated user. For the backend plugin resource: an attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.
References
URL | Tags | |
---|---|---|
https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g | x_refsource_CONFIRM | |
https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85 | x_refsource_MISC | |
https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/ | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220303-0005/ | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:34.846Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "grafana", vendor: "grafana", versions: [ { status: "affected", version: ">= 2.0.0-beta1, < 7.5.15", }, { status: "affected", version: ">= 8.0.0, < 8.3.5", }, ], }, ], descriptions: [ { lang: "en", value: "Grafana is an open-source platform for monitoring and observability. 
In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. 
There are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-07T07:06:28", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85", }, { tags: [ "x_refsource_MISC", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], source: { advisory: 
"GHSA-xc3p-28hw-q24g", discovery: "UNKNOWN", }, title: "Cross site scripting in Grafana proxy", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-21702", STATE: "PUBLIC", TITLE: "Cross site scripting in Grafana proxy", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "grafana", version: { version_data: [ { version_value: ">= 2.0.0-beta1, < 7.5.15", }, { version_value: ">= 8.0.0, < 8.3.5", }, ], }, }, ], }, vendor_name: "grafana", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. 
There are no known workarounds for this vulnerability.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", refsource: "CONFIRM", url: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", }, { name: "https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85", refsource: "MISC", url: "https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85", }, { name: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", refsource: "MISC", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { name: "https://security.netapp.com/advisory/ntap-20220303-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], }, source: { advisory: "GHSA-xc3p-28hw-q24g", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-21702", datePublished: "2022-02-08T19:40:11", dateReserved: "2021-11-16T00:00:00", dateUpdated: "2024-08-03T02:53:34.846Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13272
Vulnerability from cvelistv5
Published
2019-07-17 12:32
Modified
2025-02-04 20:35
Summary
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:49:24.327Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { name: "FEDORA-2019-a95015e60f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { name: "DSA-4484", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4484", }, { name: "20190722 [SECURITY] [DSA 4484-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { name: "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/33", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security 
update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { name: "RHSA-2019:2405", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { name: "RHSA-2019:2411", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { name: "USN-4093-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4093-1/", }, { name: "USN-4094-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4094-1/", }, { name: "USN-4095-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4095-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K91025336", }, { name: "USN-4117-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4117-1/", }, { name: "USN-4118-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4118-1/", }, { name: "RHSA-2019:2809", tags: [ "vendor-advisory", "x_refsource_REDHAT", 
"x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2019-13272", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T20:35:06.511512Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-12-10", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-13272", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T20:35:33.942Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the Linux 
kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-23T18:06:10.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { name: "FEDORA-2019-a95015e60f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { name: "DSA-4484", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4484", }, { name: "20190722 [SECURITY] [DSA 4484-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { name: "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/33", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { name: "RHSA-2019:2405", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { name: "RHSA-2019:2411", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { name: "USN-4093-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4093-1/", }, { name: "USN-4094-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4094-1/", }, { name: "USN-4095-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4095-1/", }, { tags: [ "x_refsource_MISC", ], url: 
"http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K91025336", }, { name: "USN-4117-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4117-1/", }, { name: "USN-4118-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4118-1/", }, { name: "RHSA-2019:2809", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-13272", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). 
One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { name: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { name: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", refsource: "MISC", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { name: "FEDORA-2019-a95015e60f", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { name: "DSA-4484", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4484", }, { name: "20190722 [SECURITY] [DSA 4484-1] linux security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/30", }, { name: "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/33", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { name: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { name: "https://security.netapp.com/advisory/ntap-20190806-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { name: "RHSA-2019:2405", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { name: "RHSA-2019:2411", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { name: "USN-4093-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4093-1/", }, { name: "USN-4094-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4094-1/", }, { name: "USN-4095-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4095-1/", }, { name: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", refsource: "MISC", url: 
"http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { name: "https://support.f5.com/csp/article/K91025336", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K91025336", }, { name: "USN-4117-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4117-1/", }, { name: "USN-4118-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4118-1/", }, { name: "RHSA-2019:2809", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { name: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&utm_medium=RSS", }, { name: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { name: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { name: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-13272", datePublished: "2019-07-17T12:32:55.000Z", dateReserved: "2019-07-04T00:00:00.000Z", dateUpdated: "2025-02-04T20:35:33.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22883
Vulnerability from cvelistv5
Published
2021-03-03 17:38
Modified
2024-08-03 18:58
Summary
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | https://github.com/nodejs/node | Fixed in 10.24.0, 12.21.0, 14.16.0, 15.10.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:58:24.778Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1043360", }, { name: "FEDORA-2021-a760169c3c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/", }, { name: "FEDORA-2021-f6bd75e9d4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/", }, { name: "FEDORA-2021-6aaba80ba2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210416-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/nodejs/node", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in 10.24.0, 12.21.0, 14.16.0, 15.10.0", }, ], }, ], descriptions: [ { lang: "en", value: 
"Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Denial of Service (CWE-400)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-08T14:06:41", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/", }, { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1043360", }, { name: "FEDORA-2021-a760169c3c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/", }, { name: "FEDORA-2021-f6bd75e9d4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/", }, { name: "FEDORA-2021-6aaba80ba2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210416-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ 
"x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2021-22883", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "https://github.com/nodejs/node", version: { version_data: [ { version_value: "Fixed in 10.24.0, 12.21.0, 14.16.0, 15.10.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. 
If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service (CWE-400)", }, ], }, ], }, references: { reference_data: [ { name: "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/", refsource: "MISC", url: "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/", }, { name: "https://hackerone.com/reports/1043360", refsource: "MISC", url: "https://hackerone.com/reports/1043360", }, { name: "FEDORA-2021-a760169c3c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/", }, { name: "FEDORA-2021-f6bd75e9d4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/", }, { name: "FEDORA-2021-6aaba80ba2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210416-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210416-0001/", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], }, }, }, }, cveMetadata: { 
assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2021-22883", datePublished: "2021-03-03T17:38:32", dateReserved: "2021-01-06T00:00:00", dateUpdated: "2024-08-03T18:58:24.778Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2773
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:39
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 7u251, 8u241, 11.0.6, 14; Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.372Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: 
"openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2773", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:59:40.704407Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:39:10.475Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:54", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: 
"openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2773", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2773", datePublished: "2020-04-15T13:29:45", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:39:10.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14593
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:35
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:42.576Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14593", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:58:35.278922Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:35:33.800Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:43", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14593", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).", }, ], }, impact: { cvss: { baseScore: "7.4", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: 
"UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14593", datePublished: "2020-07-15T17:34:29", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:35:33.800Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2601
Vulnerability from cvelistv5
Published
2020-01-15 16:34
Modified
2024-09-30 16:22
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Version: Java SE: 7u241, 8u231, 11.0.5, 13.0.1; Version: Java SE Embedded: 8u231 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:09:54.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2601", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:04:27.899340Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T16:22:28.344Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", 
}, { status: "affected", version: "Java SE Embedded: 8u231", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:17", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2601", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u231", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). 
Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).", }, ], }, impact: { cvss: { baseScore: "6.8", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { name: "https://security.netapp.com/advisory/ntap-20200122-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 
4621-1] openjdk-8 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2601", datePublished: "2020-01-15T16:34:02", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T16:22:28.344Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33623
Vulnerability from cvelistv5
Published
2021-05-28 00:00
Modified
2024-08-03 23:58
Summary
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:58:21.580Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.npmjs.com/package/trim-newlines", }, { tags: [ "x_transferred", ], url: "https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210702-0007/", }, { name: "[debian-lts-announce] 20221223 [SECURITY] [DLA 3247-1] node-trim-newlines security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00033.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.npmjs.com/package/trim-newlines", }, { url: "https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1", }, { url: "https://security.netapp.com/advisory/ntap-20210702-0007/", }, { name: "[debian-lts-announce] 20221223 [SECURITY] [DLA 3247-1] node-trim-newlines security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00033.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-33623", datePublished: "2021-05-28T00:00:00", dateReserved: "2021-05-28T00:00:00", dateUpdated: "2024-08-03T23:58:21.580Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2021-4044
Vulnerability from cvelistv5
Published
2021-12-14 18:40
Modified
2024-09-17 03:17
Summary
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).
References
URL | Tags | |
---|---|---|
https://www.openssl.org/news/secadv/20211214.txt | x_refsource_CONFIRM | |
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256 | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20211229-0003/ | x_refsource_CONFIRM |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:16:03.437Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20211214.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211229-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)", }, ], }, ], credits: [ { lang: "en", value: "Tobias Nießen", }, ], datePublic: "2021-12-14T00:00:00", descriptions: [ { lang: "en", value: "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. 
This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Invalid error handling", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-29T20:06:26", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.openssl.org/news/secadv/20211214.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20211229-0003/", }, ], title: "Invalid handling of X509_verify_cert() internal errors in libssl", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "openssl-security@openssl.org", DATE_PUBLIC: "2021-12-14", ID: "CVE-2021-4044", STATE: "PUBLIC", TITLE: "Invalid handling of X509_verify_cert() internal errors in libssl", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "OpenSSL", version: { version_data: [ { version_value: "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)", }, ], }, }, ], }, vendor_name: "OpenSSL", }, ], }, }, credit: [ { lang: "eng", value: "Tobias Nießen", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", 
value: "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. 
Fixed in OpenSSL 3.0.1 (Affected 3.0.0).", }, ], }, impact: [ { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Invalid error handling", }, ], }, ], }, references: { reference_data: [ { name: "https://www.openssl.org/news/secadv/20211214.txt", refsource: "CONFIRM", url: "https://www.openssl.org/news/secadv/20211214.txt", }, { name: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256", refsource: "CONFIRM", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256", }, { name: "https://security.netapp.com/advisory/ntap-20211229-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20211229-0003/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2021-4044", datePublished: "2021-12-14T18:40:11.901374Z", dateReserved: "2021-12-02T00:00:00", dateUpdated: "2024-09-17T03:17:39.603Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21703
Vulnerability from cvelistv5
Published
2022-02-08 20:40
Modified
2024-08-03 02:53
Summary
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
References
URL | Tags | |
---|---|---|
https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/ | x_refsource_MISC | |
https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w | x_refsource_CONFIRM | |
https://github.com/grafana/grafana/pull/45083 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220303-0005/ | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:35.380Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/grafana/grafana/pull/45083", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "grafana", vendor: "grafana", versions: [ { status: "affected", version: ">= 3.0-beta1, < 7.5.15", }, { status: "affected", version: ">= 8.0.0, < 8.3.5", }, ], }, ], descriptions: [ { lang: "en", value: "Grafana is an open-source platform for monitoring and observability. 
Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352: Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-07T07:06:31", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/grafana/grafana/pull/45083", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], source: { advisory: "GHSA-cmf4-h3xc-jw8w", discovery: "UNKNOWN", }, title: "Cross Site Request Forgery in Grafana", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-21703", STATE: "PUBLIC", TITLE: "Cross Site Request Forgery in Grafana", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "grafana", version: { version_data: [ { version_value: ">= 3.0-beta1, < 7.5.15", }, { version_value: ">= 8.0.0, < 8.3.5", }, ], }, }, ], }, vendor_name: "grafana", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. 
There are no known workarounds for this issue.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-352: Cross-Site Request Forgery (CSRF)", }, ], }, ], }, references: { reference_data: [ { name: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", refsource: "MISC", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { name: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", refsource: "CONFIRM", url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { name: "https://github.com/grafana/grafana/pull/45083", refsource: "MISC", url: "https://github.com/grafana/grafana/pull/45083", }, { name: "https://security.netapp.com/advisory/ntap-20220303-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], }, source: { advisory: "GHSA-cmf4-h3xc-jw8w", discovery: "UNKNOWN", }, }, }, }, 
cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-21703", datePublished: "2022-02-08T20:40:10", dateReserved: "2021-11-16T00:00:00", dateUpdated: "2024-08-03T02:53:35.380Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2604
Vulnerability from cvelistv5
Published
2020-01-15 16:34
Modified
2024-09-30 14:51
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | Java | Version: Java SE: 7u241, 8u231, 11.0.5, 13.0.1 Version: Java SE Embedded: 8u231
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:09:54.972Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "RHSA-2020:0465", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { name: "RHSA-2020:0470", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { name: "RHSA-2020:0467", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], 
url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { name: "RHSA-2020:0469", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { name: "RHSA-2020:0468", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2604", options: [ { Exploitation: 
"none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:42:05.369215Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T14:51:54.874Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { status: "affected", version: "Java SE Embedded: 8u231", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-20T22:43:05", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", 
"x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "RHSA-2020:0465", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { name: "RHSA-2020:0470", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { name: "RHSA-2020:0467", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { name: "RHSA-2020:0469", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { name: "RHSA-2020:0468", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, { tags: [ "x_refsource_MISC", ], url: 
"https://www.oracle.com/security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2604", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u231", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", }, ], }, impact: { cvss: { baseScore: "8.1", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2020:0128", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "RHSA-2020:0196", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { name: "openSUSE-SU-2020:0113", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4257-1/", }, { name: "RHSA-2020:0465", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { name: "RHSA-2020:0470", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { name: "RHSA-2020:0467", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { name: "RHSA-2020:0469", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { name: 
"RHSA-2020:0468", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { name: "DSA-4621", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, { name: "https://www.oracle.com/security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20200122-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2604", datePublished: "2020-01-15T16:34:03", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T14:51:54.874Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14782
Vulnerability from cvelistv5
Published
2020-10-21 14:04
Modified
2024-09-26 20:23
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
URL | Tags
---|---
https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC
https://security.netapp.com/advisory/ntap-20201023-0004/ | x_refsource_CONFIRM
https://www.debian.org/security/2020/dsa-4779 | vendor-advisory, x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html | mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html | vendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/202101-19 | vendor-advisory, x_refsource_GENTOO
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | Java SE JDK and JRE | Version: Java SE: 7u271 Version: 8u261 Version: 11.0.8 Version: 15; Java SE Embedded: 8u261
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:43.289Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14782", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T19:44:39.909812Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:23:59.582Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u271", }, { status: "affected", version: "8u261", }, { status: "affected", version: "11.0.8", }, { status: "affected", version: "15; Java SE Embedded: 8u261", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded 
product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:13", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14782", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u271", }, { version_affected: "=", version_value: "8u261", }, { version_affected: "=", version_value: "11.0.8", }, { version_affected: "=", version_value: "15; Java SE Embedded: 8u261", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 
Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20201023-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14782", datePublished: "2020-10-21T14:04:25", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-26T20:23:59.582Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2800
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:02
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 7u251, 8u241, 11.0.6, 14; Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.727Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: 
"openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2800", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:59:16.949849Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:02:23.206Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:30", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2800", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", 
refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2800", datePublished: "2020-04-15T13:29:46", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:02:23.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14664
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:25
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
URL | Tags |
---|---|
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC |
https://security.netapp.com/advisory/ntap-20200717-0005/ | x_refsource_CONFIRM |
https://www.zerodayinitiative.com/advisories/ZDI-20-897/ | x_refsource_MISC |
https://security.gentoo.org/glsa/202209-15 | vendor-advisory, x_refsource_GENTOO |
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:42.545Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-897/", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14664", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:54:50.939497Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:25:29.065Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:52", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-897/", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14664", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], }, impact: { cvss: { baseScore: "8.3", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-20-897/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-20-897/", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14664", datePublished: "2020-07-15T17:34:32", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:25:29.065Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14583
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:37
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:41.875Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14583", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:55:01.769871Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:37:10.873Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:25", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: 
"[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14583", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], }, impact: { cvss: { baseScore: "8.3", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", 
refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14583", datePublished: "2020-07-15T17:34:28", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:37:10.873Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-21267
Vulnerability from cvelistv5
Published
2021-03-19 20:25
Modified
2024-08-03 18:09
Summary
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In versions before 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc.), are not affected. Users should upgrade to version 2.0.0, which uses a regular expression that isn't vulnerable to ReDoS.
References
URL | Tags
---|---
https://github.com/schema-inspector/schema-inspector/security/advisories/GHSA-f38p-c2gq-4pmr | x_refsource_CONFIRM
https://gist.github.com/mattwelke/b7f42424680a57b8161794ad1737cd8f | x_refsource_MISC
https://www.npmjs.com/package/schema-inspector | x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210528-0006/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
schema-inspector | schema-inspector | < 2.0.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:09:14.989Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/schema-inspector/schema-inspector/security/advisories/GHSA-f38p-c2gq-4pmr", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/mattwelke/b7f42424680a57b8161794ad1737cd8f", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.npmjs.com/package/schema-inspector", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210528-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "schema-inspector", vendor: "schema-inspector", versions: [ { status: "affected", version: "< 2.0.0", }, ], }, ], descriptions: [ { lang: "en", value: "Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. 
Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-28T09:06:17", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/schema-inspector/schema-inspector/security/advisories/GHSA-f38p-c2gq-4pmr", }, { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/mattwelke/b7f42424680a57b8161794ad1737cd8f", }, { tags: [ "x_refsource_MISC", ], url: "https://www.npmjs.com/package/schema-inspector", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210528-0006/", }, ], source: { advisory: "GHSA-f38p-c2gq-4pmr", discovery: "UNKNOWN", }, title: "Regular Expression Denial-of-Service in npm schema-inspector", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-21267", STATE: "PUBLIC", TITLE: "Regular Expression Denial-of-Service in npm schema-inspector", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "schema-inspector", version: { version_data: [ { version_value: "< 2.0.0", }, ], }, }, ], }, vendor_name: "schema-inspector", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: 
"Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-400: Uncontrolled Resource Consumption", }, ], }, { description: [ { lang: "eng", value: "CWE-20: Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/schema-inspector/schema-inspector/security/advisories/GHSA-f38p-c2gq-4pmr", refsource: "CONFIRM", url: "https://github.com/schema-inspector/schema-inspector/security/advisories/GHSA-f38p-c2gq-4pmr", }, { name: "https://gist.github.com/mattwelke/b7f42424680a57b8161794ad1737cd8f", refsource: "MISC", url: "https://gist.github.com/mattwelke/b7f42424680a57b8161794ad1737cd8f", }, { name: "https://www.npmjs.com/package/schema-inspector", refsource: "MISC", url: "https://www.npmjs.com/package/schema-inspector", }, { name: "https://security.netapp.com/advisory/ntap-20210528-0006/", refsource: "CONFIRM", url: 
"https://security.netapp.com/advisory/ntap-20210528-0006/", }, ], }, source: { advisory: "GHSA-f38p-c2gq-4pmr", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-21267", datePublished: "2021-03-19T20:25:13", dateReserved: "2020-12-22T00:00:00", dateUpdated: "2024-08-03T18:09:14.989Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31097
Vulnerability from cvelistv5
Published
2022-07-15 12:10
Modified
2024-08-03 07:11
Summary
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branches prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin into clicking on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.
References
URL | Tags
---|---
https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f | x_refsource_CONFIRM
https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3/ | x_refsource_MISC
https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/ | x_refsource_MISC
https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9/ | x_refsource_MISC
https://security.netapp.com/advisory/ntap-20220901-0010/ | x_refsource_CONFIRM
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:11:38.469Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220901-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "grafana", vendor: "grafana", versions: [ { status: "affected", version: ">= 9.0.0, < 9.0.3", }, { status: "affected", version: ">= 8.5.0, < 8.5.9", }, { status: "affected", version: ">= 8.4.0, < 8.4.10", }, { status: "affected", version: ">= 8.0.0, < 8.3.10", }, ], }, ], descriptions: [ { lang: "en", value: "Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. 
As a workaround, it is possible to disable alerting or use legacy alerting.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-01T13:06:34", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f", }, { tags: [ "x_refsource_MISC", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3/", }, { tags: [ "x_refsource_MISC", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/", }, { tags: [ "x_refsource_MISC", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220901-0010/", }, ], source: { advisory: "GHSA-vw7q-p2qg-4m5f", discovery: "UNKNOWN", }, title: "Stored XSS in Grafana's Unified Alerting", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-31097", STATE: "PUBLIC", TITLE: "Stored XSS in Grafana's Unified Alerting", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "grafana", version: { version_data: [ { version_value: ">= 9.0.0, < 9.0.3", }, { version_value: ">= 8.5.0, < 8.5.9", }, { version_value: ">= 8.4.0, < 8.4.10", }, { version_value: ">= 8.0.0, < 8.3.10", }, ], }, }, ], }, vendor_name: "grafana", }, ], }, }, 
data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f", refsource: "CONFIRM", url: "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f", }, { name: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3/", refsource: "MISC", url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3/", }, { name: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/", refsource: "MISC", url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/", }, { name: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9/", refsource: "MISC", url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9/", }, { name: 
"https://security.netapp.com/advisory/ntap-20220901-0010/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220901-0010/", }, ], }, source: { advisory: "GHSA-vw7q-p2qg-4m5f", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-31097", datePublished: "2022-07-15T12:10:10", dateReserved: "2022-05-18T00:00:00", dateUpdated: "2024-08-03T07:11:38.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2654
Vulnerability from cvelistv5
Published
2020-01-15 16:34
Modified
2024-09-30 15:59
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | Java | Java SE: 7u241, 8u231, 11.0.5, 13.0.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:09:55.025Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2654", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:02:46.145962Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:59:18.682Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { 
product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:12", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: 
"RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2654", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { name: 
"https://security.netapp.com/advisory/ntap-20200122-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2654", datePublished: "2020-01-15T16:34:05", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:59:18.682Z", 
state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27358
Vulnerability from cvelistv5
Published
2021-03-18 19:43
Modified
2024-08-03 20:48
Summary
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
References
URL | Tags
---|---
https://github.com/grafana/grafana/blob/master/CHANGELOG.md | x_refsource_CONFIRM
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/ | x_refsource_CONFIRM
https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17 | x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20210513-0007/ | x_refsource_CONFIRM
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:48:16.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210513-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-13T20:06:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210513-0007/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27358", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { 
version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md", refsource: "CONFIRM", url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md", }, { name: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/", refsource: "CONFIRM", url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/", }, { name: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17", refsource: "CONFIRM", url: "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17", }, { name: "https://security.netapp.com/advisory/ntap-20210513-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210513-0007/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27358", datePublished: "2021-03-18T19:43:04", dateReserved: "2021-02-16T00:00:00", dateUpdated: "2024-08-03T20:48:16.124Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2830
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-27 19:06
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | Java | Java SE: 7u251, 8u241, 11.0.6, 14; Java SE Embedded: 8u241
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.823Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2830", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:53:52.379987Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T19:06:46.444Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-09T07:06:10", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2830", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 
Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "5.3", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: 
"https://kc.mcafee.com/corporate/index?page=content&id=SB10318", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2830", datePublished: "2020-04-15T13:29:48", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-27T19:06:46.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2583
Vulnerability from cvelistv5
Published
2020-01-15 16:34
Modified
2024-09-30 16:31
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | Java | Java SE: 7u241, 8u231, 11.0.5, 13.0.1; Java SE Embedded: 8u231
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:09:54.723Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "RHSA-2020:0465", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { name: "RHSA-2020:0470", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { name: "RHSA-2020:0467", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { name: "RHSA-2020:0469", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { name: "RHSA-2020:0468", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ 
"x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2583", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:04:53.482302Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T16:31:41.183Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { status: "affected", version: "Java SE Embedded: 8u231", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:16", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "RHSA-2020:0465", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { name: "RHSA-2020:0470", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { name: "RHSA-2020:0467", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { name: "RHSA-2020:0469", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { name: "RHSA-2020:0468", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2583", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u231", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { name: "https://security.netapp.com/advisory/ntap-20200122-0003/", refsource: 
"CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4257-1/", }, { name: "RHSA-2020:0465", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0465", }, { name: "RHSA-2020:0470", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0470", }, { name: "RHSA-2020:0467", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0467", }, { name: "RHSA-2020:0469", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0469", }, { name: "RHSA-2020:0468", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0468", }, { name: "DSA-4621", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: 
"https://kc.mcafee.com/corporate/index?page=content&id=SB10315", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2583", datePublished: "2020-01-15T16:34:02", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T16:31:41.183Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14577
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:38
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:46:34.986Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14577", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:58:56.789755Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:38:12.047Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:41", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14577", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14577", datePublished: "2020-07-15T17:34:28", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:38:12.047Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2757
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:41
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Java SE: 7u251, 8u241, 11.0.6, 14; Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.624Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: 
"openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2757", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:00:05.581818Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:41:34.588Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:31", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: 
"openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2757", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2757", datePublished: "2020-04-15T13:29:44", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:41:34.588Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14578
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:38
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Version: Java SE: 7u261, 8u251; Version: Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:46:34.793Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-24", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: 
"https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14578", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:58:55.382224Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:38:05.115Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u261, 8u251", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:28", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ 
"vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-24", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14578", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u261, 8u251", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", refsource: "GENTOO", url: 
"https://security.gentoo.org/glsa/202008-24", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14578", datePublished: "2020-07-15T17:34:28", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:38:05.115Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1967
Vulnerability from cvelistv5
Published
2020-04-21 13:45
Modified
2024-09-17 03:13
Summary
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:54:00.398Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FreeBSD-SA-20:11", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc", }, { name: "DSA-4661", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4661", }, { name: "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/04/22/2", }, { name: "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E", }, { name: "GLSA-202004-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202004-10", }, { name: "FEDORA-2020-fcc91a28e8", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/", }, { name: "FEDORA-2020-da2d1ef2d7", tags: [ "vendor-advisory", 
"x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/", }, { name: "20200501 CVE-2020-1967: proving sigalg != NULL", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/May/5", }, { name: "FEDORA-2020-d7b29838f6", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/", }, { name: "openSUSE-SU-2020:0933", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html", }, { name: "openSUSE-SU-2020:0945", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2020-03", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20200421.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200424-0003/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/irsl/CVE-2020-1967", }, { tags: [ 
"x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_20_05", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2020-04", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0004/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2020-11", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-10", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)", }, ], }, ], credits: [ { lang: "en", value: "Bernd Edlinger", }, ], datePublic: "2020-04-21T00:00:00", descriptions: [ { lang: "en", value: "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. 
This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#High", value: "High", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "NULL pointer dereference", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-20T10:39:19", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { name: "FreeBSD-SA-20:11", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc", }, { name: "DSA-4661", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4661", }, { name: "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/04/22/2", }, { name: "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E", }, { name: "GLSA-202004-10", tags: [ "vendor-advisory", 
"x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202004-10", }, { name: "FEDORA-2020-fcc91a28e8", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/", }, { name: "FEDORA-2020-da2d1ef2d7", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/", }, { name: "20200501 CVE-2020-1967: proving sigalg != NULL", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/May/5", }, { name: "FEDORA-2020-d7b29838f6", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/", }, { name: "openSUSE-SU-2020:0933", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html", }, { name: "openSUSE-SU-2020:0945", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2020-03", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.openssl.org/news/secadv/20200421.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200424-0003/", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/irsl/CVE-2020-1967", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/security/advisory/Synology_SA_20_05", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2020-04", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0004/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2020-11", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2021-10", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "Segmentation fault in SSL_check_chain", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "openssl-security@openssl.org", DATE_PUBLIC: "2020-04-21", ID: "CVE-2020-1967", STATE: "PUBLIC", TITLE: "Segmentation fault in SSL_check_chain", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "OpenSSL", version: { version_data: [ { version_value: "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)", }, ], }, }, ], }, vendor_name: "OpenSSL", }, ], }, }, credit: [ { lang: "eng", value: "Bernd Edlinger", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Server or client applications that call the 
SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).", }, ], }, impact: [ { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#High", value: "High", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "NULL pointer dereference", }, ], }, ], }, references: { reference_data: [ { name: "FreeBSD-SA-20:11", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc", }, { name: "DSA-4661", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4661", }, { name: "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/04/22/2", }, { name: "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E", }, { name: "GLSA-202004-10", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202004-10", }, { 
name: "FEDORA-2020-fcc91a28e8", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/", }, { name: "FEDORA-2020-da2d1ef2d7", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/", }, { name: "20200501 CVE-2020-1967: proving sigalg != NULL", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/May/5", }, { name: "FEDORA-2020-d7b29838f6", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/", }, { name: "openSUSE-SU-2020:0933", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html", }, { name: "openSUSE-SU-2020:0945", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.tenable.com/security/tns-2020-03", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2020-03", }, { name: "https://www.openssl.org/news/secadv/20200421.txt", refsource: "CONFIRM", url: "https://www.openssl.org/news/secadv/20200421.txt", }, { name: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1", refsource: "CONFIRM", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1", }, { name: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440", refsource: "CONFIRM", url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440", }, { name: "https://security.netapp.com/advisory/ntap-20200424-0003/", refsource: "CONFIRM", url: 
"https://security.netapp.com/advisory/ntap-20200424-0003/", }, { name: "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL", refsource: "CONFIRM", url: "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL", }, { name: "https://github.com/irsl/CVE-2020-1967", refsource: "MISC", url: "https://github.com/irsl/CVE-2020-1967", }, { name: "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html", }, { name: "https://www.synology.com/security/advisory/Synology_SA_20_05", refsource: "CONFIRM", url: "https://www.synology.com/security/advisory/Synology_SA_20_05", }, { name: "https://www.tenable.com/security/tns-2020-04", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2020-04", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0004/", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://www.tenable.com/security/tns-2020-11", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2020-11", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://www.tenable.com/security/tns-2021-10", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2021-10", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: 
"https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2020-1967", datePublished: "2020-04-21T13:45:15.136203Z", dateReserved: "2019-12-03T00:00:00", dateUpdated: "2024-09-17T03:13:46.200Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2805
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 14:47
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | Java | Version: Java SE: 7u251, 8u241, 11.0.6, 14; Version: Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.632Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: 
"openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2805", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:41:30.438557Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T14:47:34.000Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:44", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", 
"x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2805", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], }, impact: { cvss: { baseScore: "8.3", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2805", datePublished: "2020-04-15T13:29:47", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T14:47:34.000Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28163
Vulnerability from cvelistv5
Published
2021-04-01 14:20
Modified
2024-08-03 21:40
Summary
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
Impacted products
Vendor | Product | Version |
---|---|---|
The Eclipse Foundation | Eclipse Jetty | Version: 9.4.32 < unspecified; Version: unspecified ≤ 9.4.38; Version: 10.0.0.beta2 < unspecified; Version: unspecified ≤ 10.0.1; Version: 11.0.0.beta2 < unspecified; Version: unspecified ≤ 11.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:40:12.280Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq", }, { name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E", }, { name: "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E", }, { name: "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210414 [jira] [Created] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3%40%3Cissues.solr.apache.org%3E", }, { name: "[ignite-issues] 20210426 
[jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E", }, { name: "FEDORA-2021-444e38face", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/", }, { name: "FEDORA-2021-35f06984d7", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/", }, { name: "FEDORA-2021-fd66b2bd53", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/", }, { name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E", }, { name: 
"[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { name: "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E", }, { name: "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42", tags: [ "mailing-list", 
"x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Eclipse Jetty", vendor: "The Eclipse Foundation", versions: [ { lessThan: "unspecified", status: "affected", version: "9.4.32", versionType: "custom", }, { lessThanOrEqual: "9.4.38", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "10.0.0.beta2", versionType: "custom", }, { lessThanOrEqual: "10.0.1", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "11.0.0.beta2", versionType: "custom", }, { lessThanOrEqual: "11.0.1", status: "affected", version: "unspecified", versionType: "custom", 
}, ], }, ], descriptions: [ { lang: "en", value: "In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:54:15", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq", }, { name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E", }, { name: "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E", }, { name: "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210414 [jira] [Created] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3%40%3Cissues.solr.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E", }, { name: "FEDORA-2021-444e38face", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/", }, { name: "FEDORA-2021-35f06984d7", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], 
url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/", }, { name: "FEDORA-2021-fd66b2bd53", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/", }, { name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { name: "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", tags: [ "mailing-list", 
"x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E", }, { name: "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@eclipse.org", ID: "CVE-2021-28163", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Eclipse Jetty", 
version: { version_data: [ { version_affected: ">=", version_value: "9.4.32", }, { version_affected: "<=", version_value: "9.4.38", }, { version_affected: ">=", version_value: "10.0.0.beta2", }, { version_affected: "<=", version_value: "10.0.1", }, { version_affected: ">=", version_value: "11.0.0.beta2", }, { version_affected: "<=", version_value: "11.0.1", }, ], }, }, ], }, vendor_name: "The Eclipse Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.", }, ], }, impact: { cvss: { baseScore: 2.7, vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq", refsource: "CONFIRM", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq", }, { name: "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E", }, { name: "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", 
url: "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E", }, { name: "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210414 [jira] [Created] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3@%3Cissues.solr.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E", }, { name: "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E", }, { name: "FEDORA-2021-444e38face", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/", }, { name: "FEDORA-2021-35f06984d7", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/", }, { name: "FEDORA-2021-fd66b2bd53", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/", }, { name: "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E", }, { name: "https://security.netapp.com/advisory/ntap-20210611-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210611-0006/", }, { name: "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E", }, { name: "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2021-28163", datePublished: "2021-04-01T14:20:13", 
dateReserved: "2021-03-12T00:00:00", dateUpdated: "2024-08-03T21:40:12.280Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-32640
Vulnerability from cvelistv5
Published
2021-05-25 18:25
Modified
2024-08-03 23:25
Summary
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.
References
URL | Tags
---|---
https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693 | x_refsource_CONFIRM
https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff | x_refsource_MISC
https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30%40%3Ccommits.tinkerpop.apache.org%3E | mailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20210706-0005/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
websockets | ws | >= 5.0.0 <= 7.4.5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:25:31.019Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff", }, { name: "[tinkerpop-commits] 20210701 [tinkerpop] 01/03: Bumped ws to 6.2.2 to address CVE-2021-32640 CTR", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30%40%3Ccommits.tinkerpop.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210706-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ws", vendor: "websockets", versions: [ { status: "affected", version: ">= 5.0.0 <= 7.4.5", }, ], }, ], descriptions: [ { lang: "en", value: "ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). 
In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-06T07:06:26", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff", }, { name: "[tinkerpop-commits] 20210701 [tinkerpop] 01/03: Bumped ws to 6.2.2 to address CVE-2021-32640 CTR", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30%40%3Ccommits.tinkerpop.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210706-0005/", }, ], source: { advisory: "GHSA-6fc8-4gx4-v693", discovery: "UNKNOWN", }, title: "ReDoS in Sec-Websocket-Protocol header", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-32640", STATE: "PUBLIC", TITLE: "ReDoS in Sec-Websocket-Protocol header", }, affects: { vendor: { vendor_data: [ { product: { 
product_data: [ { product_name: "ws", version: { version_data: [ { version_value: ">= 5.0.0 <= 7.4.5", }, ], }, }, ], }, vendor_name: "websockets", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-400: Uncontrolled Resource Consumption", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693", refsource: "CONFIRM", url: "https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693", }, { name: "https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff", refsource: "MISC", url: "https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff", }, { name: "[tinkerpop-commits] 20210701 [tinkerpop] 01/03: Bumped ws to 6.2.2 to address CVE-2021-32640 CTR", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30@%3Ccommits.tinkerpop.apache.org%3E", }, { name: "https://security.netapp.com/advisory/ntap-20210706-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210706-0005/", }, ], }, source: { advisory: "GHSA-6fc8-4gx4-v693", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-32640", datePublished: "2021-05-25T18:25:09", dateReserved: "2021-05-12T00:00:00", dateUpdated: "2024-08-03T23:25:31.019Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31107
Vulnerability from cvelistv5
Published
2022-07-15 12:30
Modified
2024-08-03 07:11
Summary
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.
References
URL | Tags
---|---
https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/ | x_refsource_MISC
https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2 | x_refsource_CONFIRM
https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/ | x_refsource_MISC
https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/ | x_refsource_MISC
https://security.netapp.com/advisory/ntap-20220901-0010/ | x_refsource_CONFIRM
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:11:38.479Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220901-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "grafana", vendor: "grafana", versions: [ { status: "affected", version: ">= 5.3, < 8.3.10", }, { status: "affected", version: ">= 8.4.0, < 8.4.10", }, { status: "affected", version: ">= 8.5.0, < 8.5.9", }, { status: "affected", version: ">= 9.0.0, < 9.0.3", }, ], }, ], descriptions: [ { lang: "en", value: "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. 
If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863: Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-01T13:06:35", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2", }, { tags: [ "x_refsource_MISC", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/", }, { tags: [ "x_refsource_MISC", ], url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220901-0010/", }, ], source: { advisory: "GHSA-mx47-6497-3fv2", discovery: "UNKNOWN", }, title: "Grafana account 
takeover via OAuth vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-31107", STATE: "PUBLIC", TITLE: "Grafana account takeover via OAuth vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "grafana", version: { version_data: [ { version_value: ">= 5.3, < 8.3.10", }, { version_value: ">= 8.4.0, < 8.4.10", }, { version_value: ">= 8.5.0, < 8.5.9", }, { version_value: ">= 9.0.0, < 9.0.3", }, ], }, }, ], }, vendor_name: "grafana", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. 
As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-863: Incorrect Authorization", }, ], }, ], }, references: { reference_data: [ { name: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/", refsource: "MISC", url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/", }, { name: "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2", refsource: "CONFIRM", url: "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2", }, { name: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/", refsource: "MISC", url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/", }, { name: "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/", refsource: "MISC", url: "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/", }, { name: "https://security.netapp.com/advisory/ntap-20220901-0010/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220901-0010/", }, ], }, source: { advisory: "GHSA-mx47-6497-3fv2", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-31107", datePublished: "2022-07-15T12:30:14", dateReserved: "2022-05-18T00:00:00", dateUpdated: "2024-08-03T07:11:38.479Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23491
Vulnerability from cvelistv5
Published
2022-12-07 21:15
Modified
2024-08-03 03:43
Summary
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.
References
URL | Tags
---|---
https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 | x_refsource_CONFIRM
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
certifi | python-certifi | < 2022.12.07
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:43:46.116Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20230223-0010/", }, { name: "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8", }, { name: "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "python-certifi", vendor: "certifi", versions: [ { status: "affected", version: "< 2022.12.07", }, ], }, ], descriptions: [ { lang: "en", value: "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. 
Conclusions of Mozilla's investigation can be found in the linked google group discussion.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-345", description: "CWE-345: Insufficient Verification of Data Authenticity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-07T21:15:53.804Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8", }, { name: "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ", tags: [ "x_refsource_MISC", ], url: "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ", }, ], source: { advisory: "GHSA-43fp-rhv2-5gv8", discovery: "UNKNOWN", }, title: "Removal of TrustCor root certificate", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23491", datePublished: "2022-12-07T21:15:53.804Z", dateReserved: "2022-01-19T21:23:53.763Z", dateUpdated: "2024-08-03T03:43:46.116Z", requesterUserId: "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14556
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:41
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | Java | Java SE: 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:46:34.700Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14556", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:59:18.810625Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:41:03.969Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 8u251, 11.0.7, 14.0.1", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:26", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ 
"vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14556", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 8u251, 11.0.7, 14.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: 
"https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14556", datePublished: "2020-07-15T17:34:27", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:41:03.969Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31123
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2024-08-03 07:11
Summary
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:11:39.205Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8", }, { tags: [ "x_transferred", ], url: "https://github.com/grafana/grafana/releases/tag/v9.1.8", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221124-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "grafana", vendor: "grafana", versions: [ { status: "affected", version: "< 8.5.14", }, { status: "affected", version: ">= 9.0.0, < 9.1.8", }, ], }, ], descriptions: [ { lang: "en", value: "Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. 
As a workaround, do not install plugins downloaded from untrusted sources.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-347", description: "CWE-347: Improper Verification of Cryptographic Signature", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-24T00:00:00", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8", }, { url: "https://github.com/grafana/grafana/releases/tag/v9.1.8", }, { url: "https://security.netapp.com/advisory/ntap-20221124-0002/", }, ], source: { advisory: "GHSA-rhxj-gh46-jvw8", discovery: "UNKNOWN", }, title: "Grafana plugin signature bypass vulnerability", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-31123", datePublished: "2022-10-13T00:00:00", dateReserved: "2022-05-18T00:00:00", dateUpdated: "2024-08-03T07:11:39.205Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21713
Vulnerability from cvelistv5
Published
2022-02-08 20:50
Modified
2024-08-03 02:53
Summary
Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
References
URL | Tags
---|---
https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/ | x_refsource_MISC
https://github.com/grafana/grafana/pull/45083 | x_refsource_MISC
https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv | x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20220303-0005/ | x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/ | vendor-advisory, x_refsource_FEDORA
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:34.831Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/grafana/grafana/pull/45083", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "grafana", vendor: "grafana", versions: [ { status: "affected", version: ">= 5.0.0-beta1, < 7.5.15", }, { status: "affected", version: ">= 8.0.0, < 8.3.5", }, ], }, ], descriptions: [ { lang: "en", value: "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. 
`/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863: Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-07T07:06:33", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/grafana/grafana/pull/45083", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], source: { advisory: "GHSA-63g3-9jq3-mccv", discovery: "UNKNOWN", }, title: "Exposure of Sensitive Information in Grafana", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-21713", STATE: "PUBLIC", TITLE: "Exposure of Sensitive Information in Grafana", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "grafana", version: { version_data: [ { version_value: ">= 5.0.0-beta1, < 7.5.15", }, { version_value: ">= 8.0.0, < 8.3.5", }, ], }, }, ], }, vendor_name: "grafana", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. 
There are no known workarounds for this issue.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-863: Incorrect Authorization", }, ], }, ], }, references: { reference_data: [ { name: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", refsource: "MISC", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { name: "https://github.com/grafana/grafana/pull/45083", refsource: "MISC", url: "https://github.com/grafana/grafana/pull/45083", }, { name: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", refsource: "CONFIRM", url: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", }, { name: "https://security.netapp.com/advisory/ntap-20220303-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], }, source: { advisory: "GHSA-63g3-9jq3-mccv", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { 
assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-21713", datePublished: "2022-02-08T20:50:17", dateReserved: "2021-11-16T00:00:00", dateUpdated: "2024-08-03T02:53:34.831Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }