Security-metrics-botCWD-5787Tomcat versions bundled with the Crowd product are vulnerable to CVE-2021-33037
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.123 Low
EPSS
Percentile
95.3%
The different Tomcat versions (8.5.X) bundled to the Atlassian Crowd product versions lower than Crowd 4.4.1 are vulnerable to [CVE-2021-33037|https://vulners.com/cve/CVE-2021-33037]
The Tomcat versions from 8.5.0 to 8.5.66 are affected by the mentioned [CVE-2021-33037|https://vulners.com/cve/CVE-2021-33037] and some of the versions in this range are bundled to the Atlassian Crowd product versions lower than Crowd 4.4.1.
It is important to note that the Atlasian Crowd versions 4.4.1 and 5.0.0 were bundled to Tomcat 8.5.72 as this Tomcat version is not affected by [CVE-2021-33037|https://vulners.com/cve/CVE-2021-33037]
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.123 Low
EPSS
Percentile
95.3%