Lucene search

CVE-2021-22939

🗓️ 16 Aug 2021 19:13:15Reported by hackeroneType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 259 Views

Node.js https API misuse, CVE-2021-22939

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 130
IBM Security Bulletins	Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services	9 Nov 202117:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Insights is affected by Node.js vulnerability (CVE-2021-22939)	19 Apr 202220:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to trusting expired certificates due to CVE-2021-22939	20 Oct 202110:07	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2021-22939, CVE-2021-22931, CVE-2020-7598)	17 Jan 202309:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Streams UI affected by multiple node package vulnerabilities	21 Dec 202117:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities	22 Oct 202114:03	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)	28 Sep 202107:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities	5 Dec 202219:00	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js, IBM WebSphere Application Server Liberty, and OpenSSL affect IBM Spectrum Control	9 Dec 202107:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js	29 Oct 202121:37	–	ibm

Nvd

Vulners

Node

nodejs node.jsRange12.0.0–12.22.5lts

nodejs node.jsRange14.0.0–14.17.5lts

nodejs node.jsRange16.0.0–16.6.2-

Node

oracle graalvmMatch20.3.3enterprise

oracle graalvmMatch21.2.0enterprise

oracle jd_edwards_enterpriseone_toolsRange≤9.2.6.1

oracle mysql_clusterRange≤8.0.26

oracle peoplesoft_enterprise_peopletoolsMatch8.57

oracle peoplesoft_enterprise_peopletoolsMatch8.58

oracle peoplesoft_enterprise_peopletoolsMatch8.59

Node

netapp nextgen_apiMatch-

Node

siemens sinec_infrastructure_network_servicesRange<1.0.1.1

Node

debian debian_linuxMatch10.0

[
  {
    "vendor": "n/a",
    "product": "https://github.com/nodejs/node",
    "versions": [
      {
        "version": "Fixed version 16.6.2, 14.17.5, and 12.22.5",
        "status": "affected"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2022.html
lists	www.lists.debian.org/debian-lts-announce/2022/10/msg00006.html
security	www.security.gentoo.org/glsa/202401-02
security	www.security.netapp.com/advisory/ntap-20210917-0003/
oracle	www.oracle.com/security-alerts/cpujul2022.html
nodejs	www.nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
hackerone	www.hackerone.com/reports/1278254
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
oracle	www.oracle.com/security-alerts/cpuoct2021.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Aug 2021 19:15Current

7.4High risk

Vulners AI Score7.4

CVSS25

CVSS35.3

EPSS0.00188

CWE-295