CVE-2021-30468

🗓️ 16 Jun 2021 12:00:18Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 248 Views

A security vulnerability in Apache CXF allows an attacker to cause CPU consumption

Reporter	Title	Published	Views	Family All 33
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities	29 Apr 202502:26	–	ibm
IBM Security Bulletins	Security Bulletin: Apache CXF as used by IBM QRadar SIEM is vulnerable to denial of service (DOS) (CVE-2021-30468)	3 Dec 202118:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling B2B Integrator B2B API vulnerable to multiple issues due to Apache CXF	11 Apr 202413:17	–	ibm
IBM Security Bulletins	Security Bulletin: Tivoli Network Manager IP Edition is vulnerable to a denial of service vulnerability (CVE-2021-30468)	25 Jan 202208:15	–	ibm
IBM Security Bulletins	Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager (CVE-2021-30468)	24 Aug 202109:04	–	ibm
IBM Security Bulletins	Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2021-30468	30 Aug 202216:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Governance uses components with known vulnerabilities (CVE-2021-22696, CVE-2021-30468, CVE-2020-1954)	21 Jun 202320:31	–	ibm
CNNVD	Apache CXF 资源管理错误漏洞	16 Jun 202100:00	–	cnnvd
CNVD	Apache CXF Resource Management Error Vulnerability (CNVD-2021-70100)	13 Jul 202100:00	–	cnvd
Cvelist	CVE-2021-30468 Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter	16 Jun 202112:00	–	cvelist

NVD

Vulners

Node

apache cxfRange<3.3.11

apache cxfRange3.4.0–3.4.4

apache tomeeMatch8.0.6

Node

oracle business_intelligenceMatch5.5.0.0.0enterprise

oracle business_intelligenceMatch5.9.0.0.0enterprise

oracle business_intelligenceMatch12.2.1.3.0enterprise

oracle business_intelligenceMatch12.2.1.4.0enterprise

oracle communications_element_managerMatch8.2.2

oracle communications_messaging_serverMatch8.1

[
  {
    "product": "Apache CXF",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "changes": [
          {
            "at": "3.3.11",
            "status": "unaffected"
          }
        ],
        "lessThan": "3.4.4",
        "status": "affected",
        "version": "Apache CXF",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cxf	www.cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc
lists	www.lists.apache.org/thread.html/re5b2a2b77faa22684d47bd2ac6623135c615565328ff40a1ec705448%40%3Ccommits.tomee.apache.org%3E
lists	www.lists.apache.org/thread.html/rac07822057521dccf33ab5d136e0e8c599a6e2c8ac75e44ffbdc6e07%40%3Ccommits.tomee.apache.org%3E
lists	www.lists.apache.org/thread.html/re9e05c6cab5f0dcc827eba4e6fcf26fa0b493e7ca84d62c867a80d03%40%3Ccommits.tomee.apache.org%3E
lists	www.lists.apache.org/thread.html/r3f46ae38e4a6e80c069cdb320e0ce831b0a21a12ef0cc92c0943f34a%40%3Ccommits.tomee.apache.org%3E
oracle	www.oracle.com/security-alerts/cpuapr2022.html
lists	www.lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cdev.cxf.apache.org%3E
openwall	www.openwall.com/lists/oss-security/2021/06/16/2
lists	www.lists.apache.org/thread.html/r4771084730c4cf6e59eda60b4407122c86f174eb750b24f610ba9ff4%40%3Ccommits.tomee.apache.org%3E
lists	www.lists.apache.org/thread.html/r54c0f1cbbb9f381dfbedb9ea5e90ecb1c0a15371f40c4b10322ac737%40%3Ccommits.tomee.apache.org%3E

21 Nov 2024 06:03Current

7.4High risk

Vulners AI Score7.4

CVSS 25

CVSS 3.17.5

EPSS0.01898