The vulnerability of the webapps component of the server container in Eclipse Jetty allows a hacker to gain unauthorized access to protected information.

🗓️ 05 Sep 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Jetty webapps vulnerability allows access to protected data from improper link definition.

Reporter	Title	Published	Views	Family All 94
IBM Security Bulletins	Security Bulletin: IBM MQ is vulnerable to multiple Eclipse Jetty issues	24 Jun 202216:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM InfoSphere Information Server	17 May 202302:32	–	ibm
IBM Security Bulletins	Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester	29 Mar 202206:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM Installation Manager and IBM Packaging Utility	24 Jun 202116:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway uses Eclipse Jetty with multiple known vulnerabilities	6 Jun 202218:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	3 Dec 202118:47	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	29 Jun 202123:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Rational Change 5.3.2 Fix Pack 04 and earlier versions.	11 Oct 202208:56	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Eclipse Jetty affect Rational Performance Tester (CVE-2021-28169, CVE-2021-34428, CVE-2021-28163, CVE-2021-28164, CVE-2021-34429, CVE-2021-28165)	29 Jul 202220:31	–	ibm
IBM Security Bulletins	Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2	7 May 202419:54	–	ibm

Vulners

Node

oracle oracle_communications_services_gatekeeperMatch7.0

OR

oracle oracle_banking_digital_experienceMatch20.1

OR

oracle oracle_banking_digital_experienceMatch21.1

OR

oracle oracle_banking_apisMatch20.1

OR

oracle oracle_banking_apisMatch21.1

OR

oracle autovue_for_agile_product_lifecycle_managementMatch21.0.2

OR

oracle rest_data_servicesRange<21.3

OR

oracle oracle_communications_session_report_managerRange8.0.0.0–8.2.4.0

OR

oracle oracle_communications_session_route_managerRange8.0.0.0–8.2.4.0

OR

oracle siebel_crmRange≤21.9

OR

eclipse jettyRange<9.4.39

OR

oracle oracle_communications_element_managerMatch8.2.2

Source	Link
github	www.github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq
lists	www.lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E
lists	www.lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E
lists	www.lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E
lists	www.lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E
lists	www.lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E
lists	www.lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E
lists	www.lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E
lists	www.lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E
lists	www.lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E

18 Oct 2022 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 25

CVSS 35.3

EPSS0.00154

Jetty webapps vulnerability unauthorized access protected data link definition file access