cvelistv5 - cve-2018-8012

CVE-2018-8012 (GCVE-0-2018-8012)

Vulnerability from cvelistv5

Published

2018-05-21 19:00

Modified

2024-09-17 00:01

Severity ?

CWE

Gain Privilege

Summary

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

References

URL

Tags

security@apache.org	http://www.securityfocus.com/bid/104253	Third Party Advisory, VDB Entry
security@apache.org	http://www.securitytracker.com/id/1040948	Third Party Advisory, VDB Entry
security@apache.org	https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E
security@apache.org	https://www.debian.org/security/2018/dsa-4214	Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104253	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040948	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4214	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache ZooKeeper	Version: Apache ZooKeeper prior to 3.4.10, Apache ZooKeeper 3.5.0-alpha through 3.5.3-beta

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:11.492Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4214",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4214"
          },
          {
            "name": "1040948",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040948"
          },
          {
            "name": "104253",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104253"
          },
          {
            "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 opened a new pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E"
          },
          {
            "name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 commented on pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E"
          },
          {
            "name": "[jackrabbit-oak-commits] 20210720 [jackrabbit-oak] branch trunk updated: OAK-9496 | Update zookeeper version to handle CVE-2018-8012 (#326)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E"
          },
          {
            "name": "[jackrabbit-dev] 20210720 [GitHub] [jackrabbit-oak] nit0906 merged pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache ZooKeeper",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Apache ZooKeeper prior to 3.4.10, Apache ZooKeeper 3.5.0-alpha through 3.5.3-beta"
            }
          ]
        }
      ],
      "datePublic": "2018-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T10:06:52",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "DSA-4214",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4214"
        },
        {
          "name": "1040948",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040948"
        },
        {
          "name": "104253",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104253"
        },
        {
          "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 opened a new pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E"
        },
        {
          "name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 commented on pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E"
        },
        {
          "name": "[jackrabbit-oak-commits] 20210720 [jackrabbit-oak] branch trunk updated: OAK-9496 | Update zookeeper version to handle CVE-2018-8012 (#326)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E"
        },
        {
          "name": "[jackrabbit-dev] 20210720 [GitHub] [jackrabbit-oak] nit0906 merged pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2018-05-21T00:00:00",
          "ID": "CVE-2018-8012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache ZooKeeper",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache ZooKeeper prior to 3.4.10, Apache ZooKeeper 3.5.0-alpha through 3.5.3-beta"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4214",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4214"
            },
            {
              "name": "1040948",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040948"
            },
            {
              "name": "104253",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104253"
            },
            {
              "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 opened a new pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14@%3Cdev.jackrabbit.apache.org%3E"
            },
            {
              "name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 commented on pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870@%3Cdev.jackrabbit.apache.org%3E"
            },
            {
              "name": "[jackrabbit-oak-commits] 20210720 [jackrabbit-oak] branch trunk updated: OAK-9496 | Update zookeeper version to handle CVE-2018-8012 (#326)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f@%3Coak-commits.jackrabbit.apache.org%3E"
            },
            {
              "name": "[jackrabbit-dev] 20210720 [GitHub] [jackrabbit-oak] nit0906 merged pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2@%3Cdev.jackrabbit.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-8012",
    "datePublished": "2018-05-21T19:00:00Z",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-09-17T00:01:04.102Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-8012\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-05-21T19:29:00.250\",\"lastModified\":\"2024-11-21T04:13:05.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.\"},{\"lang\":\"es\",\"value\":\"No se aplica autenticaci\u00f3n/autorizaci\u00f3n cuando un servidor intenta unirse a un quorum en Apache ZooKeeper en versiones anteriores a la 3.4.10 y 3.5.0-alpha hasta 3.5.3-beta. Como resultado, un endpoint arbitrario podr\u00eda unirse al cl\u00faster y comenzar a propagar cambios falsos al l\u00edder.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.4.10\",\"matchCriteriaId\":\"AF046E81-F6AA-4138-9493-56238351A16E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndIncluding\":\"3.5.3\",\"matchCriteriaId\":\"B40328D8-7E48-43E0-B7CB-722406390A4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F0F84E2-88CE-4350-B342-DA761D43682E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"81C99F52-0D85-41C8-A0DA-CE29C917ADDC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.1.0.0.1\",\"matchCriteriaId\":\"F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104253\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040948\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4214\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104253\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

ghsa-ccqf-c5hq-77mp

Vulnerability from github

Published

2022-05-13 01:05

Modified

2022-06-29 19:03

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Missing Authorization in Apache ZooKeeper

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.4.9"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.zookeeper:zookeeper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.5.3-beta"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.zookeeper:zookeeper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.5.0-alpha"
            },
            {
              "fixed": "3.5.4-beta"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-8012"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-29T19:03:52Z",
    "nvd_published_at": "2018-05-21T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.",
  "id": "GHSA-ccqf-c5hq-77mp",
  "modified": "2022-06-29T19:03:52Z",
  "published": "2022-05-13T01:05:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8012"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f@%3Coak-commits.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14@%3Cdev.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870@%3Cdev.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2@%3Cdev.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4214"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104253"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040948"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing Authorization in Apache ZooKeeper"
}

WID-SEC-W-2022-0770

Vulnerability from csaf_certbund

Published

2020-04-23 22:00

Modified

2024-05-16 22:00

Summary

IBM DB2: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.

Angriff

Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erh\u00f6hen oder einen Denial of Service zu verursachen",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0770 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0770.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0770 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0770"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6198380 vom 2020-04-23",
        "url": "https://www.ibm.com/support/pages/node/6198380"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:2603 vom 2020-06-17",
        "url": "https://access.redhat.com/errata/RHSA-2020:2603"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:4807 vom 2020-11-04",
        "url": "https://access.redhat.com/errata/RHSA-2020:4807"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3225 vom 2021-08-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:3225"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-115 vom 2022-05-27",
        "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-115/index.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6605881 vom 2022-07-21",
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-070 vom 2024-02-03",
        "url": "https://www.dell.com/support/kbdoc/000221770/dsa-2024-="
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-144 vom 2023-10-03",
        "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-144/index.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7153639 vom 2024-05-17",
        "url": "https://www.ibm.com/support/pages/node/7153639"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM DB2: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:32:05.856+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-0770",
      "initial_release_date": "2020-04-23T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-04-23T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-06-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-11-03T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-19T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-05-26T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von HITACHI aufgenommen"
        },
        {
          "date": "2022-07-20T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-10-03T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von HITACHI aufgenommen"
        },
        {
          "date": "2024-02-04T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-05-16T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Hitachi Ops Center",
                "product": {
                  "name": "Hitachi Ops Center",
                  "product_id": "T017562",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hitachi:ops_center:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cAnalyzer 10.9.3-00",
                "product": {
                  "name": "Hitachi Ops Center \u003cAnalyzer 10.9.3-00",
                  "product_id": "T030196"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cViewpoint 10.9.3-00",
                "product": {
                  "name": "Hitachi Ops Center \u003cViewpoint 10.9.3-00",
                  "product_id": "T030197"
                }
              }
            ],
            "category": "product_name",
            "name": "Ops Center"
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.1",
                "product": {
                  "name": "IBM DB2 11.1",
                  "product_id": "342000",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:11.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.5",
                "product": {
                  "name": "IBM DB2 11.5",
                  "product_id": "695419",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:11.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0001",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2009-0001"
    },
    {
      "cve": "CVE-2014-0114",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2014-0114"
    },
    {
      "cve": "CVE-2014-0193",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2014-0193"
    },
    {
      "cve": "CVE-2014-3488",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2014-3488"
    },
    {
      "cve": "CVE-2015-2156",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2015-2156"
    },
    {
      "cve": "CVE-2016-2402",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2016-2402"
    },
    {
      "cve": "CVE-2017-12972",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-12972"
    },
    {
      "cve": "CVE-2017-12973",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-12973"
    },
    {
      "cve": "CVE-2017-12974",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-12974"
    },
    {
      "cve": "CVE-2017-18640",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-18640"
    },
    {
      "cve": "CVE-2017-3734",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-3734"
    },
    {
      "cve": "CVE-2017-5637",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-5637"
    },
    {
      "cve": "CVE-2018-10237",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2018-10237"
    },
    {
      "cve": "CVE-2018-11771",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2018-11771"
    },
    {
      "cve": "CVE-2018-8009",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2018-8009"
    },
    {
      "cve": "CVE-2018-8012",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2018-8012"
    },
    {
      "cve": "CVE-2019-0201",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-0201"
    },
    {
      "cve": "CVE-2019-10086",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-10086"
    },
    {
      "cve": "CVE-2019-10172",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-10172"
    },
    {
      "cve": "CVE-2019-10202",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-10202"
    },
    {
      "cve": "CVE-2019-12402",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-12402"
    },
    {
      "cve": "CVE-2019-16869",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-16869"
    },
    {
      "cve": "CVE-2019-17195",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-17195"
    },
    {
      "cve": "CVE-2019-17571",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-17571"
    },
    {
      "cve": "CVE-2019-9512",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-9512"
    },
    {
      "cve": "CVE-2019-9514",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-9514"
    },
    {
      "cve": "CVE-2019-9515",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-9515"
    },
    {
      "cve": "CVE-2019-9518",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-9518"
    }
  ]
}

wid-sec-w-2022-0770

Vulnerability from csaf_certbund

Published

2020-04-23 22:00

Modified

2024-05-16 22:00

Summary

IBM DB2: Mehrere Schwachstellen

Notes

Produktbeschreibung

IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.

Angriff

Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erh\u00f6hen oder einen Denial of Service zu verursachen",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0770 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0770.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0770 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0770"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6198380 vom 2020-04-23",
        "url": "https://www.ibm.com/support/pages/node/6198380"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:2603 vom 2020-06-17",
        "url": "https://access.redhat.com/errata/RHSA-2020:2603"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:4807 vom 2020-11-04",
        "url": "https://access.redhat.com/errata/RHSA-2020:4807"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3225 vom 2021-08-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:3225"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-115 vom 2022-05-27",
        "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-115/index.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6605881 vom 2022-07-21",
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-070 vom 2024-02-03",
        "url": "https://www.dell.com/support/kbdoc/000221770/dsa-2024-="
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-144 vom 2023-10-03",
        "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-144/index.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7153639 vom 2024-05-17",
        "url": "https://www.ibm.com/support/pages/node/7153639"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM DB2: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:32:05.856+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-0770",
      "initial_release_date": "2020-04-23T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-04-23T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-06-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-11-03T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-19T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-05-26T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von HITACHI aufgenommen"
        },
        {
          "date": "2022-07-20T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-10-03T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von HITACHI aufgenommen"
        },
        {
          "date": "2024-02-04T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-05-16T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Hitachi Ops Center",
                "product": {
                  "name": "Hitachi Ops Center",
                  "product_id": "T017562",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hitachi:ops_center:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cAnalyzer 10.9.3-00",
                "product": {
                  "name": "Hitachi Ops Center \u003cAnalyzer 10.9.3-00",
                  "product_id": "T030196"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cViewpoint 10.9.3-00",
                "product": {
                  "name": "Hitachi Ops Center \u003cViewpoint 10.9.3-00",
                  "product_id": "T030197"
                }
              }
            ],
            "category": "product_name",
            "name": "Ops Center"
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.1",
                "product": {
                  "name": "IBM DB2 11.1",
                  "product_id": "342000",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:11.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.5",
                "product": {
                  "name": "IBM DB2 11.5",
                  "product_id": "695419",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:11.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0001",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2009-0001"
    },
    {
      "cve": "CVE-2014-0114",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2014-0114"
    },
    {
      "cve": "CVE-2014-0193",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2014-0193"
    },
    {
      "cve": "CVE-2014-3488",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2014-3488"
    },
    {
      "cve": "CVE-2015-2156",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2015-2156"
    },
    {
      "cve": "CVE-2016-2402",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2016-2402"
    },
    {
      "cve": "CVE-2017-12972",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-12972"
    },
    {
      "cve": "CVE-2017-12973",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-12973"
    },
    {
      "cve": "CVE-2017-12974",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-12974"
    },
    {
      "cve": "CVE-2017-18640",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-18640"
    },
    {
      "cve": "CVE-2017-3734",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-3734"
    },
    {
      "cve": "CVE-2017-5637",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-5637"
    },
    {
      "cve": "CVE-2018-10237",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2018-10237"
    },
    {
      "cve": "CVE-2018-11771",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2018-11771"
    },
    {
      "cve": "CVE-2018-8009",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2018-8009"
    },
    {
      "cve": "CVE-2018-8012",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2018-8012"
    },
    {
      "cve": "CVE-2019-0201",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-0201"
    },
    {
      "cve": "CVE-2019-10086",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-10086"
    },
    {
      "cve": "CVE-2019-10172",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-10172"
    },
    {
      "cve": "CVE-2019-10202",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-10202"
    },
    {
      "cve": "CVE-2019-12402",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-12402"
    },
    {
      "cve": "CVE-2019-16869",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-16869"
    },
    {
      "cve": "CVE-2019-17195",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-17195"
    },
    {
      "cve": "CVE-2019-17571",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-17571"
    },
    {
      "cve": "CVE-2019-9512",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-9512"
    },
    {
      "cve": "CVE-2019-9514",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-9514"
    },
    {
      "cve": "CVE-2019-9515",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-9515"
    },
    {
      "cve": "CVE-2019-9518",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-9518"
    }
  ]
}

fkie_cve-2018-8012

Vulnerability from fkie_nvd

Published

2018-05-21 19:29

Modified

2024-11-21 04:13

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
security@apache.org	http://www.securityfocus.com/bid/104253	Third Party Advisory, VDB Entry
security@apache.org	http://www.securitytracker.com/id/1040948	Third Party Advisory, VDB Entry
security@apache.org	https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E
security@apache.org	https://www.debian.org/security/2018/dsa-4214	Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104253	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040948	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4214	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
apache	zookeeper	*
apache	zookeeper	*
apache	zookeeper	3.5.0
apache	zookeeper	3.5.3
debian	debian_linux	8.0
debian	debian_linux	9.0
oracle	goldengate_stream_analytics	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF046E81-F6AA-4138-9493-56238351A16E",
              "versionEndExcluding": "3.4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40328D8-7E48-43E0-B7CB-722406390A4D",
              "versionEndIncluding": "3.5.3",
              "versionStartIncluding": "3.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "2F0F84E2-88CE-4350-B342-DA761D43682E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "81C99F52-0D85-41C8-A0DA-CE29C917ADDC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4",
              "versionEndExcluding": "19.1.0.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader."
    },
    {
      "lang": "es",
      "value": "No se aplica autenticaci\u00f3n/autorizaci\u00f3n cuando un servidor intenta unirse a un quorum en Apache ZooKeeper en versiones anteriores a la 3.4.10 y 3.5.0-alpha hasta 3.5.3-beta. Como resultado, un endpoint arbitrario podr\u00eda unirse al cl\u00faster y comenzar a propagar cambios falsos al l\u00edder."
    }
  ],
  "id": "CVE-2018-8012",
  "lastModified": "2024-11-21T04:13:05.407",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-21T19:29:00.250",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104253"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040948"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4214"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2018-12670

Vulnerability from cnvd

Title

Apache ZooKeeper安全绕过漏洞

Description

Apache Zookeeper是美国阿帕奇（Apache）软件基金会的一个软件项目，它能够为大型分布式计算提供开源的分布式配置服务、同步服务和命名注册等功能。 Apache ZooKeeper 3.4.10之前版本和3.5.0-alpha版本至3.5.3-beta版本中存在安全漏洞，该漏洞源于程序未能强制执行身份验证/授权检测。攻击者可利用该漏洞修改目标系统上的数据。

Severity

中

Patch Name

Apache ZooKeeper安全绕过漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://zookeeper.apache.org/security.html#CVE-2018-8012

Reference

https://securitytracker.com/id/1040948

Impacted products

Name
['Apache Zookeeper <3.4.10', 'Apache Zookeeper 3.5.0-alpha - 3.5.3-beta']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104253"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8012"
    }
  },
  "description": "Apache Zookeeper\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u8f6f\u4ef6\u9879\u76ee\uff0c\u5b83\u80fd\u591f\u4e3a\u5927\u578b\u5206\u5e03\u5f0f\u8ba1\u7b97\u63d0\u4f9b\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u914d\u7f6e\u670d\u52a1\u3001\u540c\u6b65\u670d\u52a1\u548c\u547d\u540d\u6ce8\u518c\u7b49\u529f\u80fd\u3002\r\n\r\nApache ZooKeeper 3.4.10\u4e4b\u524d\u7248\u672c\u548c3.5.0-alpha\u7248\u672c\u81f33.5.3-beta\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5f3a\u5236\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1/\u6388\u6743\u68c0\u6d4b\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539\u76ee\u6807\u7cfb\u7edf\u4e0a\u7684\u6570\u636e\u3002",
  "discovererName": "F\u00c3\u00b6ldi Tam\u00c3\u00a1s and Eugene Koontz",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://zookeeper.apache.org/security.html#CVE-2018-8012",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-12670",
  "openTime": "2018-07-06",
  "patchDescription": "Apache Zookeeper\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u8f6f\u4ef6\u9879\u76ee\uff0c\u5b83\u80fd\u591f\u4e3a\u5927\u578b\u5206\u5e03\u5f0f\u8ba1\u7b97\u63d0\u4f9b\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u914d\u7f6e\u670d\u52a1\u3001\u540c\u6b65\u670d\u52a1\u548c\u547d\u540d\u6ce8\u518c\u7b49\u529f\u80fd\u3002\r\n\r\nApache ZooKeeper 3.4.10\u4e4b\u524d\u7248\u672c\u548c3.5.0-alpha\u7248\u672c\u81f33.5.3-beta\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5f3a\u5236\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1/\u6388\u6743\u68c0\u6d4b\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539\u76ee\u6807\u7cfb\u7edf\u4e0a\u7684\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache ZooKeeper\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Zookeeper \u003c3.4.10",
      "Apache Zookeeper 3.5.0-alpha - 3.5.3-beta"
    ]
  },
  "referenceLink": "https://securitytracker.com/id/1040948",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-22",
  "title": "Apache ZooKeeper\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

gsd-2018-8012

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-8012

Aliases

CVE-2018-8012

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8012",
    "description": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.",
    "id": "GSD-2018-8012",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-8012.html",
      "https://www.debian.org/security/2018/dsa-4214",
      "https://ubuntu.com/security/CVE-2018-8012"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8012"
      ],
      "details": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.",
      "id": "GSD-2018-8012",
      "modified": "2023-12-13T01:22:34.218089Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2018-05-21T00:00:00",
        "ID": "CVE-2018-8012",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache ZooKeeper",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Apache ZooKeeper prior to 3.4.10, Apache ZooKeeper 3.5.0-alpha through 3.5.3-beta"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Gain Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-4214",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4214"
          },
          {
            "name": "1040948",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040948"
          },
          {
            "name": "104253",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104253"
          },
          {
            "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "name": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 opened a new pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14@%3Cdev.jackrabbit.apache.org%3E"
          },
          {
            "name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 commented on pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870@%3Cdev.jackrabbit.apache.org%3E"
          },
          {
            "name": "[jackrabbit-oak-commits] 20210720 [jackrabbit-oak] branch trunk updated: OAK-9496 | Update zookeeper version to handle CVE-2018-8012 (#326)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f@%3Coak-commits.jackrabbit.apache.org%3E"
          },
          {
            "name": "[jackrabbit-dev] 20210720 [GitHub] [jackrabbit-oak] nit0906 merged pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2@%3Cdev.jackrabbit.apache.org%3E"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,3.4.10),[3.5.0,3.5.3]",
          "affected_versions": "All versions before 3.4.10, all versions starting from 3.5.0 up to 3.5.3",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-862",
            "CWE-937"
          ],
          "date": "2019-10-03",
          "description": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.",
          "fixed_versions": [
            "3.4.10",
            "3.5.4"
          ],
          "identifier": "CVE-2018-8012",
          "identifiers": [
            "CVE-2018-8012"
          ],
          "not_impacted": "All versions starting from 3.4.10 before 3.5.0, all versions after 3.5.3",
          "package_slug": "maven/org.apache.zookeeper/zookeeper",
          "pubdate": "2018-05-21",
          "solution": "Upgrade to versions 3.4.10, 3.5.4 or above.",
          "title": "Missing Authorization",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-8012",
            "http://www.securityfocus.com/bid/104253",
            "http://www.securitytracker.com/id/1040948"
          ],
          "uuid": "f36a7d09-2f79-43c2-bf4c-456e2ffb9480"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.5.3",
                "versionStartIncluding": "3.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.10",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "19.1.0.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2018-8012"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "1040948",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040948"
            },
            {
              "name": "104253",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104253"
            },
            {
              "name": "DSA-4214",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4214"
            },
            {
              "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 opened a new pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14@%3Cdev.jackrabbit.apache.org%3E"
            },
            {
              "name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 commented on pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870@%3Cdev.jackrabbit.apache.org%3E"
            },
            {
              "name": "[jackrabbit-oak-commits] 20210720 [jackrabbit-oak] branch trunk updated: OAK-9496 | Update zookeeper version to handle CVE-2018-8012 (#326)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f@%3Coak-commits.jackrabbit.apache.org%3E"
            },
            {
              "name": "[jackrabbit-dev] 20210720 [GitHub] [jackrabbit-oak] nit0906 merged pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2@%3Cdev.jackrabbit.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-09-14T12:13Z",
      "publishedDate": "2018-05-21T19:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-8012 (GCVE-0-2018-8012)

Vulnerability from cvelistv5

ghsa-ccqf-c5hq-77mp

Vulnerability from github

WID-SEC-W-2022-0770

Vulnerability from csaf_certbund

wid-sec-w-2022-0770

Vulnerability from csaf_certbund

fkie_cve-2018-8012

Vulnerability from fkie_nvd

cnvd-2018-12670

Vulnerability from cnvd

gsd-2018-8012

Vulnerability from gsd

Tags

Sightings

Nomenclature