CVE-2021-29842

🗓️ 16 Sep 2021 15:50:21Reported by ibmType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 85 Views

IBM WebSphere App Server & Liberty versions 7.0 - 9.0 & 17.0.0.3 - 21.0.0.9 allow remote user username enumeration

Reporter	Title	Published	Views	Family All 57
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.	21 Mar 202216:27	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server is vulnerable to Information Disclosure (CVE-2021-29842)	28 Oct 202123:11	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2021-29842)	30 Sep 202109:50	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server traditional and Liberty profile shipped with IBM Digital Business Automation Workflow family products (CVE-2021-29842)	14 Sep 202215:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2021-29842)	17 Sep 202108:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise	18 Nov 202109:03	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-29842)	18 Oct 202106:27	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM® Intelligent Operations Center (CVE-2021-29842)	8 Sep 202206:11	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2021-29842)	16 Sep 202116:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server Vulnerability Affects Watson Speech Services	12 Jan 202321:59	–	ibm

NVD

Vulners

Node

ibm websphere_application_serverRange7.0.0.0–7.0.0.45

ibm websphere_application_serverRange8.0.0.0–8.0.0.15

ibm websphere_application_serverRange8.5–8.5.5.20

ibm websphere_application_serverRange9.0.0.0–9.0.5.9

ibm websphere_application_serverRange17.0.0.3–21.0.0.9liberty

[
  {
    "product": "WebSphere Application Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.0"
      },
      {
        "status": "affected",
        "version": "8.0"
      },
      {
        "status": "affected",
        "version": "8.5"
      },
      {
        "status": "affected",
        "version": "9.0"
      }
    ]
  },
  {
    "product": "WebSphere Application Server Liberty",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "17.0.0.3"
      },
      {
        "status": "affected",
        "version": "21.0.0.9"
      }
    ]
  }
]

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/205202
ibm	www.ibm.com/support/pages/node/6489485

21 Nov 2024 06:01Current

5.3Medium risk

Vulners AI Score5.3

CVSS 25

CVSS 3.15.3

CVSS 33.7

EPSS0.00369

CWE-307