DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2021-35065", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-35065", "description": "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "published": "2022-12-26T07:15:00", "modified": "2023-01-23T18:32:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35065", "reporter": "cve@mitre.org", "references": ["https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339", "https://github.com/gulpjs/glob-parent/pull/49", "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"], "cvelist": ["CVE-2021-35065"], "immutableFields": [], "lastseen": "2023-02-09T14:24:37", "viewCount": 52, "enchantments": {"backreferences": {"references": [{"type": "ibm", "idList": ["5F1A8E5DEF8C5B0BD8A337785BC9EC92521E4E1FC191BC80CFB2E92B4BEB7686"]}]}, "score": {"value": 4.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-35065"]}, {"type": "fedora", "idList": ["FEDORA:7ACB43067777", "FEDORA:AFA9330AF383", "FEDORA:BCFED30A3C21", "FEDORA:BFB9C30C9E8C"]}, {"type": "github", "idList": ["GHSA-CJ88-88MR-972W"]}, {"type": "ibm", "idList": ["0556F1DC5B30D5079CC9AC5473643A4E3229C388AA389B4C1FC98B72ED4E7AE5", "5F1A8E5DEF8C5B0BD8A337785BC9EC92521E4E1FC191BC80CFB2E92B4BEB7686", "6DFE02E47206439339CF69003DED7C6A339BE8A9FDA6611EA300ACF64BDB9DD1", "895F4CFDE7BED79352BE28A05DAE6E5D059FA356E0FB142F85559DC4743501F6", "DEFDCD26C45B3B0682E2C6442165C4FAD4F22E5706D69FE7837EA5D52ADE831B"]}, {"type": "nessus", "idList": ["FEDORA_2023-5C6F32DB6F.NASL", "REDHAT-RHSA-2023-0612.NASL"]}, {"type": "osv", "idList": ["OSV:GHSA-CJ88-88MR-972W"]}, {"type": "redhat", "idList": ["RHSA-2023:0612", "RHSA-2023:0634"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-35065"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-35065"]}, {"type": "veracode", "idList": ["VERACODE:31382"]}]}, "affected_software": {"major_version": [{"name": "gulpjs glob-parent", "version": 6}]}, "epss": [{"cve": "CVE-2021-35065", "epss": "0.000490000", "percentile": "0.154670000", "modified": "2023-03-18"}], "vulnersScore": 4.5}, "_state": {"dependencies": 1675960477, "score": 1675960944, "affected_software_major_version": 1677362209, "epss": 1679179052}, "_internal": {"score_hash": "dc48a829630bf765b49466edcb36774b"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-1333"], "affectedSoftware": [{"cpeName": "gulpjs:glob-parent", "version": "6.0.1", "operator": "lt", "name": "gulpjs glob-parent"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:gulpjs:glob-parent:6.0.1:*:*:*:*:node.js:*:*", "versionStartIncluding": "6.0.0", "versionEndExcluding": "6.0.1", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339", "name": "https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339", "refsource": "CONFIRM", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://github.com/gulpjs/glob-parent/pull/49", "name": "https://github.com/gulpjs/glob-parent/pull/49", "refsource": "CONFIRM", "tags": ["Exploit", "Patch", "Third Party Advisory"]}, {"url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "name": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}], "product_info": [{"vendor": "Gulpjs", "product": "Glob-parent"}]}

{"redhatcve": [{"lastseen": "2023-03-31T13:33:34", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-12-26T12:34:50", "type": "redhatcve", "title": "CVE-2021-35065", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-35065"], "modified": "2023-03-31T09:43:19", "id": "RH:CVE-2021-35065", "href": "https://access.redhat.com/security/cve/cve-2021-35065", "cvss": {"score": 0.0, "vector": "NONE"}}], "debiancve": [{"lastseen": "2023-01-05T10:07:47", "description": "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-12-26T07:15:00", "type": "debiancve", "title": "CVE-2021-35065", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-35065"], "modified": "2022-12-26T07:15:00", "id": "DEBIANCVE:CVE-2021-35065", "href": "https://security-tracker.debian.org/tracker/CVE-2021-35065", "cvss": {"score": 0.0, "vector": "NONE"}}], "github": [{"lastseen": "2023-01-29T05:06:43", "description": "glob-parent 6.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS). This issue is fixed in version 6.0.1.\n\nThis vulnerability is separate from [GHSA-ww39-953v-wcq6](https://github.com/advisories/GHSA-ww39-953v-wcq6).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-18T17:03:23", "type": "github", "title": "glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-35065"], "modified": "2023-01-29T05:01:16", "id": "GHSA-CJ88-88MR-972W", "href": "https://github.com/advisories/GHSA-cj88-88mr-972w", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2023-01-06T21:31:54", "description": "glob-parent 6.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS). This issue is fixed in version 6.0.1.\n\nThis vulnerability is separate from [GHSA-ww39-953v-wcq6](https://github.com/advisories/GHSA-ww39-953v-wcq6).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-18T17:03:23", "type": "osv", "title": "glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-35065"], "modified": "2023-01-06T03:13:53", "id": "OSV:GHSA-CJ88-88MR-972W", "href": "https://osv.dev/vulnerability/GHSA-cj88-88mr-972w", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2023-01-23T14:55:37", "description": "pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the worl d. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-12T01:53:58", "type": "fedora", "title": "[SECURITY] Fedora 37 Update: pgadmin4-6.18-2.fc37", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-35065"], "modified": "2023-01-12T01:53:58", "id": "FEDORA:AFA9330AF383", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MWRPBXRQXUJY4S564TKU44KGGKG3COW5/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-23T14:55:37", "description": "Fast, reliable, and secure dependency management. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-12T01:35:37", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: yarnpkg-1.22.19-2.fc36", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-35065"], "modified": "2023-01-12T01:35:37", "id": "FEDORA:7ACB43067777", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DNEACIUZ6LFSFWUIERUZBLHDTUR3ZFA5/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-23T14:55:37", "description": "Fast, reliable, and secure dependency management. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-12T01:53:57", "type": "fedora", "title": "[SECURITY] Fedora 37 Update: yarnpkg-1.22.19-2.fc37", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-35065"], "modified": "2023-01-12T01:53:57", "id": "FEDORA:BCFED30A3C21", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RYJSGJIELN7ONRXIUF5USFBW7Y2FX7N3/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-03T00:24:52", "description": "pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the worl d. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-02T02:06:23", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: pgadmin4-6.19-1.fc36", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-35065", "CVE-2023-0241", "CVE-2023-22298"], "modified": "2023-02-02T02:06:23", "id": "FEDORA:BFB9C30C9E8C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH/", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-01-25T05:12:32", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5c6f32db6f advisory.\n\n - The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression. (CVE-2021-35065)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-12T00:00:00", "type": "nessus", "title": "Fedora 36 : yarnpkg (2023-5c6f32db6f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-35065"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "p-cpe:/a:fedoraproject:fedora:yarnpkg"], "id": "FEDORA_2023-5C6F32DB6F.NASL", "href": "https://www.tenable.com/plugins/nessus/169934", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-5c6f32db6f\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169934);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2021-35065\");\n script_xref(name:\"FEDORA\", value:\"2023-5c6f32db6f\");\n\n script_name(english:\"Fedora 36 : yarnpkg (2023-5c6f32db6f)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2023-5c6f32db6f advisory.\n\n - The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service)\n attacks against the enclosure regular expression. (CVE-2021-35065)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-5c6f32db6f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected yarnpkg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35065\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:yarnpkg\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'yarnpkg-1.22.19-2.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'yarnpkg');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T17:45:18", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0612 advisory.\n\n - glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n - minimist: prototype pollution (CVE-2021-44906)\n\n - node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n - express: qs prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n - nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n - nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-06T00:00:00", "type": "nessus", "title": "RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2023:0612)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35065", "CVE-2021-44906", "CVE-2022-0235", "CVE-2022-24999", "CVE-2022-3517", "CVE-2022-43548"], "modified": "2023-02-06T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-nodejs14-nodejs", "p-cpe:/a:redhat:enterprise_linux:rh-nodejs14-nodejs-devel", "p-cpe:/a:redhat:enterprise_linux:rh-nodejs14-nodejs-docs", "p-cpe:/a:redhat:enterprise_linux:rh-nodejs14-nodejs-full-i18n", "p-cpe:/a:redhat:enterprise_linux:rh-nodejs14-nodejs-nodemon", "p-cpe:/a:redhat:enterprise_linux:rh-nodejs14-npm"], "id": "REDHAT-RHSA-2023-0612.NASL", "href": "https://www.tenable.com/plugins/nessus/171023", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:0612. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171023);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/06\");\n\n script_cve_id(\n \"CVE-2021-35065\",\n \"CVE-2021-44906\",\n \"CVE-2022-0235\",\n \"CVE-2022-3517\",\n \"CVE-2022-24999\",\n \"CVE-2022-43548\"\n );\n script_xref(name:\"RHSA\", value:\"2023:0612\");\n\n script_name(english:\"RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2023:0612)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:0612 advisory.\n\n - glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n - minimist: prototype pollution (CVE-2021-44906)\n\n - node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n - express: qs prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n - nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n - nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-3517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-43548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:0612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2044591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2134609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2140911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2150323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2156324\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44906\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(350, 400, 601, 1321);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-nodejs14-nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-nodejs14-nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-nodejs14-nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-nodejs14-nodejs-full-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-nodejs14-nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-nodejs14-npm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-nodejs14-nodejs-14.21.1-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs14-nodejs-14.21.1-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs14-nodejs-devel-14.21.1-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs14-nodejs-devel-14.21.1-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs14-nodejs-docs-14.21.1-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs14-nodejs-full-i18n-14.21.1-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs14-nodejs-full-i18n-14.21.1-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs14-nodejs-nodemon-2.0.20-2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs14-npm-6.14.17-14.21.1.3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-nodejs14-npm-6.14.17-14.21.1.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-nodejs14-nodejs / rh-nodejs14-nodejs-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-04T03:03:05", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1043 advisory.\n\n - bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n - bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n - jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n - jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\n - glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n - minimist: prototype pollution (CVE-2021-44906)\n\n - keycloak: HTML injection in execute-actions-email Admin REST API (CVE-2022-1274)\n\n - keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n\n - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n - Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n - Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n\n - moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n - loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n - keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n - snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n - snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n - snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n - keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\n - jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n - jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n - keycloak: reflected XSS attack (CVE-2022-4137)\n\n - jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n - jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n - mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n - jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n - json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n - Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n - Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n - keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\n - keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-02T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat Single Sign-On 7.6.2 security update on RHEL 7 (Important) (RHSA-2023:1043)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14040", "CVE-2018-14042", "CVE-2019-11358", "CVE-2020-11022", "CVE-2020-11023", "CVE-2021-35065", "CVE-2021-44906", "CVE-2022-1274", "CVE-2022-1438", "CVE-2022-1471", "CVE-2022-24785", "CVE-2022-25857", "CVE-2022-2764", "CVE-2022-31129", "CVE-2022-37603", "CVE-2022-3782", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-3916", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-4137", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-45047", "CVE-2022-45693", "CVE-2022-46175", "CVE-2022-46363", "CVE-2022-46364", "CVE-2023-0091", "CVE-2023-0264"], "modified": "2023-03-02T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-sso7-keycloak:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-sso7-keycloak-server:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2023-1043.NASL", "href": "https://www.tenable.com/plugins/nessus/172041", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:1043. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172041);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2018-14040\",\n \"CVE-2018-14042\",\n \"CVE-2019-11358\",\n \"CVE-2020-11022\",\n \"CVE-2020-11023\",\n \"CVE-2021-35065\",\n \"CVE-2021-44906\",\n \"CVE-2022-1274\",\n \"CVE-2022-1438\",\n \"CVE-2022-1471\",\n \"CVE-2022-2764\",\n \"CVE-2022-3782\",\n \"CVE-2022-3916\",\n \"CVE-2022-4137\",\n \"CVE-2022-24785\",\n \"CVE-2022-25857\",\n \"CVE-2022-31129\",\n \"CVE-2022-37603\",\n \"CVE-2022-38749\",\n \"CVE-2022-38750\",\n \"CVE-2022-38751\",\n \"CVE-2022-40149\",\n \"CVE-2022-40150\",\n \"CVE-2022-42003\",\n \"CVE-2022-42004\",\n \"CVE-2022-45047\",\n \"CVE-2022-45693\",\n \"CVE-2022-46175\",\n \"CVE-2022-46363\",\n \"CVE-2022-46364\",\n \"CVE-2023-0091\",\n \"CVE-2023-0264\"\n );\n script_xref(name:\"RHSA\", value:\"2023:1043\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"RHEL 7 : Red Hat Single Sign-On 7.6.2 security update on RHEL 7 (Important) (RHSA-2023:1043)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:1043 advisory.\n\n - bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n - bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or\n property injection (CVE-2019-11358)\n\n - jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n - jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods\n (CVE-2020-11023)\n\n - glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n - minimist: prototype pollution (CVE-2021-44906)\n\n - keycloak: HTML injection in execute-actions-email Admin REST API (CVE-2022-1274)\n\n - keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n\n - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n - Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n - Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations\n (CVE-2022-2764)\n\n - moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n - loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n - keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n - snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n - snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject\n (CVE-2022-38750)\n\n - snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n - keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\n - jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n - jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n - keycloak: reflected XSS attack (CVE-2022-4137)\n\n - jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n - jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n - mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n - jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError\n which may lead to dos (CVE-2022-45693)\n\n - json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n - Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n - Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n - keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\n - keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-3782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-3916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-4137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-25857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-37603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-40149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-40150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-42003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-42004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-45047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-45693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-46175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-46363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-46364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-0091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-0264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:1043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1601614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1601617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1701972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1828406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1850004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2072009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2105075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2117506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2126789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2135244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2135247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2135770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2135771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2138971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2140597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2141404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2145194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2148496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2150009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2155681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2155682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2155970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2156263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2156324\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2158585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2160585\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44906\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-46364\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 80, 81, 121, 185, 303, 384, 400, 502, 787, 918, 1066, 1321);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.2/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.2/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.2/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.3/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.3/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.3/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.4/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.4/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.4/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.5/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.5/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.5/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.6/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.6/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.6/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-sso7-keycloak-18.0.6-1.redhat_00001.1.el7sso', 'release':'7', 'el_string':'el7sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'},\n {'reference':'rh-sso7-keycloak-server-18.0.6-1.redhat_00001.1.el7sso', 'release':'7', 'el_string':'el7sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-sso7-keycloak / rh-sso7-keycloak-server');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-04T00:41:13", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1045 advisory.\n\n - bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n - bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n - jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n - jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\n - glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n - minimist: prototype pollution (CVE-2021-44906)\n\n - keycloak: HTML injection in execute-actions-email Admin REST API (CVE-2022-1274)\n\n - keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n\n - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n - Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n - Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n\n - moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n - loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n - keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n - snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n - snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n - snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n - keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\n - jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n - jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n - keycloak: reflected XSS attack (CVE-2022-4137)\n\n - jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n - jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n - mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n - jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n - json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n - Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n - Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n - keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\n - keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-01T00:00:00", "type": "nessus", "title": "RHEL 9 : Red Hat Single Sign-On 7.6.2 security update on RHEL 9 (Important) (RHSA-2023:1045)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14040", "CVE-2018-14042", "CVE-2019-11358", "CVE-2020-11022", "CVE-2020-11023", "CVE-2021-35065", "CVE-2021-44906", "CVE-2022-1274", "CVE-2022-1438", "CVE-2022-1471", "CVE-2022-24785", "CVE-2022-25857", "CVE-2022-2764", "CVE-2022-31129", "CVE-2022-37603", "CVE-2022-3782", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-3916", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-4137", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-45047", "CVE-2022-45693", "CVE-2022-46175", "CVE-2022-46363", "CVE-2022-46364", "CVE-2023-0091", "CVE-2023-0264"], "modified": "2023-03-02T00:00:00", "cpe": ["p-cpe:2.3:a:redhat:enterprise_linux:rh-sso7-keycloak:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-sso7-keycloak-server:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2023-1045.NASL", "href": "https://www.tenable.com/plugins/nessus/172039", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:1045. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172039);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2018-14040\",\n \"CVE-2018-14042\",\n \"CVE-2019-11358\",\n \"CVE-2020-11022\",\n \"CVE-2020-11023\",\n \"CVE-2021-35065\",\n \"CVE-2021-44906\",\n \"CVE-2022-1274\",\n \"CVE-2022-1438\",\n \"CVE-2022-1471\",\n \"CVE-2022-2764\",\n \"CVE-2022-3782\",\n \"CVE-2022-3916\",\n \"CVE-2022-4137\",\n \"CVE-2022-24785\",\n \"CVE-2022-25857\",\n \"CVE-2022-31129\",\n \"CVE-2022-37603\",\n \"CVE-2022-38749\",\n \"CVE-2022-38750\",\n \"CVE-2022-38751\",\n \"CVE-2022-40149\",\n \"CVE-2022-40150\",\n \"CVE-2022-42003\",\n \"CVE-2022-42004\",\n \"CVE-2022-45047\",\n \"CVE-2022-45693\",\n \"CVE-2022-46175\",\n \"CVE-2022-46363\",\n \"CVE-2022-46364\",\n \"CVE-2023-0091\",\n \"CVE-2023-0264\"\n );\n script_xref(name:\"RHSA\", value:\"2023:1045\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"RHEL 9 : Red Hat Single Sign-On 7.6.2 security update on RHEL 9 (Important) (RHSA-2023:1045)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:1045 advisory.\n\n - bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n - bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or\n property injection (CVE-2019-11358)\n\n - jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n - jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods\n (CVE-2020-11023)\n\n - glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n - minimist: prototype pollution (CVE-2021-44906)\n\n - keycloak: HTML injection in execute-actions-email Admin REST API (CVE-2022-1274)\n\n - keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n\n - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n - Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n - Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations\n (CVE-2022-2764)\n\n - moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n - loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n - keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n - snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n - snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject\n (CVE-2022-38750)\n\n - snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n - keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\n - jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n - jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n - keycloak: reflected XSS attack (CVE-2022-4137)\n\n - jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n - jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n - mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n - jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError\n which may lead to dos (CVE-2022-45693)\n\n - json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n - Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n - Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n - keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\n - keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-3782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-3916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-4137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-25857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-37603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-40149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-40150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-42003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-42004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-45047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-45693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-46175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-46363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-46364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-0091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-0264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:1045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1601614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1601617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1701972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1828406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1850004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2072009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2105075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2117506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2126789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2135244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2135247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2135770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2135771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2138971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2140597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2141404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2145194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2148496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2150009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2155681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2155682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2155970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2156263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2156324\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2158585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2160585\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44906\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-46364\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 80, 81, 121, 185, 303, 384, 400, 502, 787, 918, 1066, 1321);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel9/x86_64/rh-sso/7.6/debug',\n 'content/dist/layered/rhel9/x86_64/rh-sso/7.6/os',\n 'content/dist/layered/rhel9/x86_64/rh-sso/7.6/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-sso7-keycloak-18.0.6-1.redhat_00001.1.el9sso', 'release':'9', 'el_string':'el9sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'},\n {'reference':'rh-sso7-keycloak-server-18.0.6-1.redhat_00001.1.el9sso', 'release':'9', 'el_string':'el9sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-sso7-keycloak / rh-sso7-keycloak-server');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-04T04:40:34", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1044 advisory.\n\n - bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n - bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n - jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n - jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\n - glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n - minimist: prototype pollution (CVE-2021-44906)\n\n - keycloak: HTML injection in execute-actions-email Admin REST API (CVE-2022-1274)\n\n - keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n\n - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n - Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n - Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n\n - moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n - loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n - keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n - snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n - snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n - snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n - keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\n - jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n - jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n - keycloak: reflected XSS attack (CVE-2022-4137)\n\n - jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n - jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n - mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n - jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n - json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n - Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n - Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n - keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\n - keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-02T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat Single Sign-On 7.6.2 security update on RHEL 8 (Important) (RHSA-2023:1044)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14040", "CVE-2018-14042", "CVE-2019-11358", "CVE-2020-11022", "CVE-2020-11023", "CVE-2021-35065", "CVE-2021-44906", "CVE-2022-1274", "CVE-2022-1438", "CVE-2022-1471", "CVE-2022-24785", "CVE-2022-25857", "CVE-2022-2764", "CVE-2022-31129", "CVE-2022-37603", "CVE-2022-3782", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-3916", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-4137", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-45047", "CVE-2022-45693", "CVE-2022-46175", "CVE-2022-46363", "CVE-2022-46364", "CVE-2023-0091", "CVE-2023-0264"], "modified": "2023-03-02T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-sso7-keycloak:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-sso7-keycloak-server:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2023-1044.NASL", "href": "https://www.tenable.com/plugins/nessus/172042", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:1044. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172042);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2018-14040\",\n \"CVE-2018-14042\",\n \"CVE-2019-11358\",\n \"CVE-2020-11022\",\n \"CVE-2020-11023\",\n \"CVE-2021-35065\",\n \"CVE-2021-44906\",\n \"CVE-2022-1274\",\n \"CVE-2022-1438\",\n \"CVE-2022-1471\",\n \"CVE-2022-2764\",\n \"CVE-2022-3782\",\n \"CVE-2022-3916\",\n \"CVE-2022-4137\",\n \"CVE-2022-24785\",\n \"CVE-2022-25857\",\n \"CVE-2022-31129\",\n \"CVE-2022-37603\",\n \"CVE-2022-38749\",\n \"CVE-2022-38750\",\n \"CVE-2022-38751\",\n \"CVE-2022-40149\",\n \"CVE-2022-40150\",\n \"CVE-2022-42003\",\n \"CVE-2022-42004\",\n \"CVE-2022-45047\",\n \"CVE-2022-45693\",\n \"CVE-2022-46175\",\n \"CVE-2022-46363\",\n \"CVE-2022-46364\",\n \"CVE-2023-0091\",\n \"CVE-2023-0264\"\n );\n script_xref(name:\"RHSA\", value:\"2023:1044\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"RHEL 8 : Red Hat Single Sign-On 7.6.2 security update on RHEL 8 (Important) (RHSA-2023:1044)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:1044 advisory.\n\n - bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n - bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or\n property injection (CVE-2019-11358)\n\n - jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n - jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods\n (CVE-2020-11023)\n\n - glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n - minimist: prototype pollution (CVE-2021-44906)\n\n - keycloak: HTML injection in execute-actions-email Admin REST API (CVE-2022-1274)\n\n - keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n\n - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n - Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n - Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations\n (CVE-2022-2764)\n\n - moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n - loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n - keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n - snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n - snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject\n (CVE-2022-38750)\n\n - snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n - keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n\n - jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n - jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n - keycloak: reflected XSS attack (CVE-2022-4137)\n\n - jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n - jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n - mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n - jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError\n which may lead to dos (CVE-2022-45693)\n\n - json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n - Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n - Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n - keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\n - keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-3782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-3916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-4137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-25857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-37603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-40149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-40150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-42003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-42004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-45047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-45693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-46175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-46363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-46364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-0091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-0264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:1044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1601614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1601617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1701972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1828406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1850004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2072009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2105075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2117506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2126789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2135244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2135247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2135770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2135771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2138971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2140597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2141404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2145194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2148496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2150009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2155681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2155682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2155970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2156263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2156324\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2158585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2160585\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44906\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-46364\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 80, 81, 121, 185, 303, 384, 400, 502, 787, 918, 1066, 1321);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.3/debug',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.3/os',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.3/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.4/debug',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.4/os',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.4/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.5/debug',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.5/os',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.5/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.6/debug',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.6/os',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.6/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-sso7-keycloak-18.0.6-1.redhat_00001.1.el8sso', 'release':'8', 'el_string':'el8sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'},\n {'reference':'rh-sso7-keycloak-server-18.0.6-1.redhat_00001.1.el8sso', 'release':'8', 'el_string':'el8sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-sso7-keycloak / rh-sso7-keycloak-server');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-01-05T13:08:54", "description": "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular\nexpression denial of service) attacks against the enclosure regular\nexpression.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-12-26T00:00:00", "type": "ubuntucve", "title": "CVE-2021-35065", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-35065"], "modified": "2022-12-26T00:00:00", "id": "UB:CVE-2021-35065", "href": "https://ubuntu.com/security/CVE-2021-35065", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2022-07-13T20:24:24", "description": "glob-parent is vulnerable to Regular expression denial of service. The vulnerability exists due to an incorrect regex implementation on the `enclosure` variable. This vulnerability is caused by an incomplete fix of CVE-2020-28469.\n", "cvss3": {}, "published": "2021-07-27T06:48:58", "type": "veracode", "title": "Regular Expression Denial Of Service (ReDoS)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-28469", "CVE-2021-35065"], "modified": "2022-07-11T18:07:32", "id": "VERACODE:31382", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31382/summary", "cvss": {"score": 0.0, "vector": "NONE"}}], "ibm": [{"lastseen": "2023-02-28T01:52:16", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-23440](<https://vulners.com/cve/CVE-2021-23440>) \n** DESCRIPTION: **Nodejs set-value module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-35065](<https://vulners.com/cve/CVE-2021-35065>) \n** DESCRIPTION: **Node.js glob-parent module is vulnerable to a denial of service, caused by an error in the enclosure regex. By sending a specially crafted string prepended with the letter \"A\", a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208298](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208298>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.0.2 \nWatson Discovery| 2.0.0-2.2.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.0.3 \n \nUpgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-5 \n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-30T16:26:43", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23440", "CVE-2021-35065"], "modified": "2021-11-30T16:26:43", "id": "0556F1DC5B30D5079CC9AC5473643A4E3229C388AA389B4C1FC98B72ED4E7AE5", "href": "https://www.ibm.com/support/pages/node/6516464", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:51:57", "description": "## Summary\n\nVulnerabilities in Node.js, Color-String, and PostgreSQL, such as denial of service, bypassing security restrictions, obtaining sensitive information, and execution of arbitrary code, may affect IBM Spectrum Protect Plus.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-28469](<https://vulners.com/cve/CVE-2020-28469>) \n** DESCRIPTION: **Node.js glob-parent module is vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-29060](<https://vulners.com/cve/CVE-2021-29060>) \n** DESCRIPTION: **Color-String is vulnerable to a denial of service, caused by an error when the application is provided and checks a crafted invalid HWB string. By sending a specially crafted string, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204156](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204156>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33502](<https://vulners.com/cve/CVE-2021-33502>) \n** DESCRIPTION: **Node.js normalize-url module is vulnerable to a denial of service, caused by a ReDoS (regular expression denial of service) flaw in the data URLs. By using a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202299](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202299>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-22930](<https://vulners.com/cve/CVE-2021-22930>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling. An attacker could exploit this vulnerability to corrupt memory to change process behavior. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206473](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206473>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-22939](<https://vulners.com/cve/CVE-2021-22939>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions. If the https API was used incorrectly and \"undefined\" was in passed for the \"rejectUnauthorized\" parameter, an attacker could exploit this vulnerability to connect to servers using an expired certificate. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207233](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207233>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-22940](<https://vulners.com/cve/CVE-2021-22940>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 on stream canceling. An attacker could exploit this vulnerability to corrupt memory to change process behavior. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-22931](<https://vulners.com/cve/CVE-2021-22931>) \n** DESCRIPTION: **Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause output of wrong hostnames leading to Domain Hijacking and and injection vulnerabilities in applications using the library. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-32028](<https://vulners.com/cve/CVE-2021-32028>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerability when using an INSERT \u2026 ON CONFLICT \u2026 DO UPDATE command on a purpose-crafted table. By creating prerequisite objects, an attacker could exploit this vulnerability to read arbitrary bytes of server memory. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203616](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203616>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-35065](<https://vulners.com/cve/CVE-2021-35065>) \n** DESCRIPTION: **Node.js glob-parent module is vulnerable to a denial of service, caused by an error in the enclosure regex. By sending a specially crafted string prepended with the letter \"A\", a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208298](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208298>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-32027](<https://vulners.com/cve/CVE-2021-32027>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow while modifying certain SQL array values. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23368](<https://vulners.com/cve/CVE-2021-23368>) \n** DESCRIPTION: **Node.js postcss module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw during source map parsing. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199767>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Plus| 10.1.0.0-10.1.8.x \n \n## Remediation/Fixes\n\n**IBM Spectrum Protect** \n**Plus Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n10.1| 10.1.9| Linux| <https://www.ibm.com/support/pages/node/6487159> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-10T20:01:04", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Node.js, Color-String, and PostgreSQL affect IBM Spectrum Protect Plus", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28469", "CVE-2021-22930", "CVE-2021-22931", "CVE-2021-22939", "CVE-2021-22940", "CVE-2021-23368", "CVE-2021-29060", "CVE-2021-32027", "CVE-2021-32028", "CVE-2021-33502", "CVE-2021-35065"], "modified": "2021-12-10T20:01:04", "id": "895F4CFDE7BED79352BE28A05DAE6E5D059FA356E0FB142F85559DC4743501F6", "href": "https://www.ibm.com/support/pages/node/6525034", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:49:22", "description": "## Summary\n\nThis Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics Workspace 2.0.73. This bulletin includes remediation for the Apache Log4j CVE-2021-44832 vulnerability. IBM Planning Analytics Workspace 2.0 has upgraded Apache Log4j to v2.17.1. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-41184](<https://vulners.com/cve/CVE-2021-41184>) \n** DESCRIPTION: **jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the .position() function. A remote attacker could exploit this vulnerability using the of parameter to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212277](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212277>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-41183](<https://vulners.com/cve/CVE-2021-41183>) \n** DESCRIPTION: **jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Datepicker widget. A remote attacker could exploit this vulnerability using the Text parameter to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212276](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212276>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-41182](<https://vulners.com/cve/CVE-2021-41182>) \n** DESCRIPTION: **jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Datepicker widget. A remote attacker could exploit this vulnerability using the altField parameter to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212274](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212274>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-35065](<https://vulners.com/cve/CVE-2021-35065>) \n** DESCRIPTION: **Node.js glob-parent module is vulnerable to a denial of service, caused by an error in the enclosure regex. By sending a specially crafted string prepended with the letter \"A\", a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208298](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208298>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-18413](<https://vulners.com/cve/CVE-2019-18413>) \n** DESCRIPTION: **TypeStack class-validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the class-validator function. By sending a specially-crafted input, an attacker could exploit this vulnerability to bypass the class-validator to perform SQL Injection or XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170114](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170114>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-22308](<https://vulners.com/cve/CVE-2022-22308>) \n** DESCRIPTION: **IBM Planning Analytics is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216891](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216891>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2018-7489](<https://vulners.com/cve/CVE-2018-7489>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the ObjectMapper. By sending specially crafted JSON input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139549](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139549>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-35490](<https://vulners.com/cve/CVE-2020-35490>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193391](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193391>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35491](<https://vulners.com/cve/CVE-2020-35491>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-25649](<https://vulners.com/cve/CVE-2020-25649>) \n** DESCRIPTION: **FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could exploit this vulnerability to launch XML external entity (XXE) attacks to have impact over data integrity. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192648>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** Third Party Entry: **217359 \n** DESCRIPTION: **npm swagger-ui-dist could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/217359 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217359>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Planning Analytics Workspace 2.0\n\n## Remediation/Fixes\n\nIt is strongly recommended that you apply the most recent security updates:\n\n \n[Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 73 from Fix Central ](<https://www.ibm.com/support/pages/node/6556458> \"Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 73 from Fix Central\" ) \n\n\nThis bulletin applies to IBM Planning Analytics Workspace Local v 2.0 (On-Prem). Remediation for IBM Planning Analytics with Watson will be completed in the March 2022 maintenance window. Please refer back to this Security Bulletin for further updates.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-18T20:23:11", "type": "ibm", "title": "Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7489", "CVE-2019-18413", "CVE-2020-25649", "CVE-2020-35490", "CVE-2020-35491", "CVE-2021-35065", "CVE-2021-41182", "CVE-2021-41183", "CVE-2021-41184", "CVE-2021-44832", "CVE-2022-22308"], "modified": "2022-02-18T20:23:11", "id": "5F1A8E5DEF8C5B0BD8A337785BC9EC92521E4E1FC191BC80CFB2E92B4BEB7686", "href": "https://www.ibm.com/support/pages/node/6557106", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-29T21:37:18", "description": "## Summary\n\nVulnerabilities in libraries used by libraries in IBM Spectrum Discover allow to a remote attackers by conduct of methodes like phishing attacks,brute force attack or execution of arbitrary code to get sensitive information, denial service condition, and other problems.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-7789](<https://vulners.com/cve/CVE-2020-7789>) \n** DESCRIPTION: **node-notifier could allow a remote attacker to execute arbitrary commands on the system, caused by improper sanitization of options params. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193001](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193001>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-21270](<https://vulners.com/cve/CVE-2018-21270>) \n** DESCRIPTION: **Node.js stringstream module is vulnerable to a denial of service, caused by a out-of-bounds read flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition or obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2019-20149](<https://vulners.com/cve/CVE-2019-20149>) \n** DESCRIPTION: **kind-of could allow a remote attacker to bypass security restrictions, caused by improper validation of user supplied input in ctorName in index.js. By sending a specially-crafted payload, an attacker could exploit this vulnerability to overwrite the builtin attribute to manipulate the type detection result. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173669](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173669>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-10747](<https://vulners.com/cve/CVE-2019-10747>) \n** DESCRIPTION: **Node.js set-value module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request using a constructor payload, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167421](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167421>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-7754](<https://vulners.com/cve/CVE-2020-7754>) \n** DESCRIPTION: **Node.js npm-user-validate module is vulnerable to a denial of service, caused by a flaw when processing long input strings begin with @ characters for user emails. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189917>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-1000620](<https://vulners.com/cve/CVE-2018-1000620>) \n** DESCRIPTION: **Cryptiles is vulnerable to a brute force attack, caused by insufficient entropy in randomDigits() method. A remote attacker could exploit this vulnerability using brute force techniques to obtain sensitive information. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-18869](<https://vulners.com/cve/CVE-2017-18869>) \n** DESCRIPTION: **chownr package for Node.js could allow a local attacker to launch a symlink attack, caused by a TOCTOU issue. A local attacker could exploit this vulnerability using symlink attacks to trick the library into descending into unintended directories. \nCVSS Base score: 2.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184298](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184298>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-33587](<https://vulners.com/cve/CVE-2021-33587>) \n** DESCRIPTION: **An unspecified error related to the failure to ensure that attribute parsing has Linear Time Complexity in Node.js css-what module has an unknown impact and attack vector. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202757](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202757>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2018-16492](<https://vulners.com/cve/CVE-2018-16492>) \n** DESCRIPTION: **Node.js extend module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156534](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156534>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2021-23364](<https://vulners.com/cve/CVE-2021-23364>) \n** DESCRIPTION: **Browserslist is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) during parsing of queries. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200951>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-0512](<https://vulners.com/cve/CVE-2022-0512>) \n** DESCRIPTION: **unshift.io url-parse module for NPM could allow a remote attacker to bypass security restrictions, caused by improperly handeling username and password. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass hostname validation. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-0686](<https://vulners.com/cve/CVE-2022-0686>) \n** DESCRIPTION: **unshift.io url-parse module for NPM could allow a remote attacker to bypass security restrictions, caused by an issue with unable to find the correct hostname when no port number is provided in the url. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform SSRF, open redirect or other attacks depends on the hostname field of parsed url. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220105](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220105>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-0691](<https://vulners.com/cve/CVE-2022-0691>) \n** DESCRIPTION: **unshift.io url-parse module for NPM could allow a remote attacker to bypass security restrictions, caused by improper validation of \\b (backspace) character. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass hostname validation and leads to false positive in the extractProtocol() function. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220107](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220107>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-0639](<https://vulners.com/cve/CVE-2022-0639>) \n** DESCRIPTION: **unshift.io url-parse module for NPM could allow a remote attacker to bypass security restrictions, caused by incorrect conversion of @ in protocol in the href. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass hostname validation. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-6283](<https://vulners.com/cve/CVE-2019-6283>) \n** DESCRIPTION: **LibSass is vulnerable to a denial of service, caused by a heap-based buffer over-read in Sass::Prelexer::parenthese_scope in prelexer.hpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155594](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155594>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-20821](<https://vulners.com/cve/CVE-2018-20821>) \n** DESCRIPTION: **LibSass is vulnerable to a denial of service, caused by uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161651](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161651>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-11698](<https://vulners.com/cve/CVE-2018-11698>) \n** DESCRIPTION: **LibSaas could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read of a memory region in the function Sass::handle_error. By using a specially-crafted file, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144297](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144297>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2020-24025](<https://vulners.com/cve/CVE-2020-24025>) \n** DESCRIPTION: **node-sass could allow a remote attacker to bypass security restrictions, caused by the disablement of certificate validation when requesting binaries even if the user is not specifying an alternative download path. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195029>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-19838](<https://vulners.com/cve/CVE-2018-19838>) \n** DESCRIPTION: **LibSass is vulnerable to a denial of service, caused by a stack-based buffer overflow in the IMPLEMENT_AST_OPERATORS expansion in ast.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/153722](<https://exchange.xforce.ibmcloud.com/vulnerabilities/153722>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-11694](<https://vulners.com/cve/CVE-2018-11694>) \n** DESCRIPTION: **LibSaas is vulnerable to a denial of service, caused by a NULL pointer dereference in the function Sass::Functions::selector_append. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-19827](<https://vulners.com/cve/CVE-2018-19827>) \n** DESCRIPTION: **Libsass is vulnerable to a denial of service, caused by a use after free in the SharedPtr class in SharedPtr.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/153718](<https://exchange.xforce.ibmcloud.com/vulnerabilities/153718>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-20190](<https://vulners.com/cve/CVE-2018-20190>) \n** DESCRIPTION: **LibSass is vulnerable to a denial of service, caused by a NULL pointer dereference in the function Sass::Eval::operator() in eval.cpp. By using a specially crafted sass input file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154428](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154428>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-6286](<https://vulners.com/cve/CVE-2019-6286>) \n** DESCRIPTION: **LibSass is vulnerable to a denial of service, caused by a heap-based buffer over-read in Sass::Prelexer::skip_over_scopes in prelexer.hpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-6284](<https://vulners.com/cve/CVE-2019-6284>) \n** DESCRIPTION: **LibSass is vulnerable to a denial of service, caused by a heap-based buffer over-read in Sass::Prelexer::alternatives in prelexer.hpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-19839](<https://vulners.com/cve/CVE-2018-19839>) \n** DESCRIPTION: **LibSass is vulnerable to a denial of service, caused by a heap-based buffer over-read in the handle_error function in sass_context.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/153723](<https://exchange.xforce.ibmcloud.com/vulnerabilities/153723>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-19797](<https://vulners.com/cve/CVE-2018-19797>) \n** DESCRIPTION: **LibSass is vulnerable to a denial of service, caused by a NULL pointer dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/153652](<https://exchange.xforce.ibmcloud.com/vulnerabilities/153652>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35065](<https://vulners.com/cve/CVE-2021-35065>) \n** DESCRIPTION: **Node.js glob-parent module is vulnerable to a denial of service, caused by an error in the enclosure regex. By sending a specially crafted string prepended with the letter \"A\", a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208298](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208298>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28469](<https://vulners.com/cve/CVE-2020-28469>) \n** DESCRIPTION: **Node.js glob-parent module is vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-16777](<https://vulners.com/cve/CVE-2019-16777>) \n** DESCRIPTION: **npm CLI could allow a local attacker to bypass security restrictions, caused by the failure to prevent existing globally-installed binaries to be overwritten by other package installations. An attacker could exploit this vulnerability to bypass filesystem access restrictions to overwrite an existing binary with a globally-installed package. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173159](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173159>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-15095](<https://vulners.com/cve/CVE-2020-15095>) \n** DESCRIPTION: **Node.js npm CLI module could allow a local attacker to obtain sensitive information, caused by the storing of user credentials in the log file. By persuading a victim to open a log file, an attacker could exploit this vulnerability to obtain user credentials. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184666](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184666>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-16775](<https://vulners.com/cve/CVE-2019-16775>) \n** DESCRIPTION: **npm CLI could allow a local attacker to bypass security restrictions, caused by an arbitrary file overwrite vulnerability. An attacker could exploit this vulnerability to bypass filesystem access restrictions to create symlinks to files outside of the node_modules folder through the bin field upon installation. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173163](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173163>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-16776](<https://vulners.com/cve/CVE-2019-16776>) \n** DESCRIPTION: **npm CLI could allow a local attacker to bypass security restrictions, caused by the failure to prevent access to folders outside of the intended node_modules folder through the bin field. An attacker could exploit this vulnerability to gain access to folders outside of the intended node_modules folder through the bin field. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173161](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173161>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-16489](<https://vulners.com/cve/CVE-2018-16489>) \n** DESCRIPTION: **Node.js just-extend module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156531](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156531>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2019-10746](<https://vulners.com/cve/CVE-2019-10746>) \n** DESCRIPTION: **Node.js mixin-deep module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request using a constructor payload, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167420](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167420>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-10742](<https://vulners.com/cve/CVE-2019-10742>) \n** DESCRIPTION: **Axios is vulnerable to a denial of service, caused by an issue with continuing to accept content after maxContentLength is exceeded. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160652](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160652>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-28168](<https://vulners.com/cve/CVE-2020-28168>) \n** DESCRIPTION: **Node.js axios module is vulnerable to server-side request forgery, caused by improper input validation. By providing a URL that responds with a redirect to a restricted host or IP address, an attacker could exploit this vulnerability to conduct SSRF attack to bypass a proxy. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-23343](<https://vulners.com/cve/CVE-2021-23343>) \n** DESCRIPTION: **path-parse is vulnerable to a denial of service. By sending a specially-crafted request via splitDeviceRe, splitTailRe, and splitPathRe regular expressions, a remote attacker could exploit this vulnerability to cause a regular expression denial of service (ReDoS). \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201206](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201206>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-23566](<https://vulners.com/cve/CVE-2021-23566>) \n** DESCRIPTION: **Nanoid could allow a local attacker to obtain sensitive information, caused by a flaw in the valueOf() function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217348](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217348>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-3728](<https://vulners.com/cve/CVE-2018-3728>) \n** DESCRIPTION: **Node.js hoek module is vulnerable to a denial of service, caused by a prototype pollution attack in the merge, applyToDefaults and applyToDefaultsWithShallow functions. By sending a specially crafted JSON string, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139127](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139127>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSpectrum Discover| 2.0.4 \nSpectrum Discover| 2.0.4.1 \nSpectrum Discover| 2.0.4.2 \nSpectrum Discover| 2.0.4.3 \nSpectrum Discover| 2.0.4.4 \nSpectrum Discover| 2.0.4.5 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\nInstalled versions of IBM Spectrum Discover (2.0.4, 2.0.4.1, 2.0.4.2, 2.0.4.3, 2.0.4.4,2.0.4.5) can be upgraded to fixed version using [IBM Spectrum Discover 2.0.4.6 upgrader.](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Discover&release=2.0.4.6&platform=All&function=all> \"IBM Spectrum Discover 2.0.4.6 upgrader.\" ) and following the steps provided in our documentation ([IBM Spectrum Discover Documentation](<https://www.ibm.com/docs/en/spectrum-discover/2.0.4?topic=upgrading> \"\" )).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T22:51:43", "type": "ibm", "title": "Security Bulletin: Medium/low severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18869", "CVE-2018-1000620", "CVE-2018-11694", "CVE-2018-11698", "CVE-2018-16489", "CVE-2018-16492", "CVE-2018-19797", "CVE-2018-19827", "CVE-2018-19838", "CVE-2018-19839", "CVE-2018-20190", "CVE-2018-20821", "CVE-2018-21270", "CVE-2018-3728", "CVE-2019-10742", "CVE-2019-10746", "CVE-2019-10747", "CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777", "CVE-2019-20149", "CVE-2019-6283", "CVE-2019-6284", "CVE-2019-6286", "CVE-2020-15095", "CVE-2020-24025", "CVE-2020-28168", "CVE-2020-28469", "CVE-2020-7754", "CVE-2020-7789", "CVE-2021-23343", "CVE-2021-23364", "CVE-2021-23566", "CVE-2021-33587", "CVE-2021-35065", "CVE-2022-0512", "CVE-2022-0639", "CVE-2022-0686", "CVE-2022-0691"], "modified": "2022-04-27T22:51:43", "id": "DEFDCD26C45B3B0682E2C6442165C4FAD4F22E5706D69FE7837EA5D52ADE831B", "href": "https://www.ibm.com/support/pages/node/6575649", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:50:14", "description": "## Summary\n\nCloud Pak for Automation has released cummulative security fixes addressing vulnerabilities in several of its components.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-37701](<https://vulners.com/cve/CVE-2021-37701>) \n**DESCRIPTION: **Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an arbitrary file creation/overwrite vulnerability. By creating a directory, and then replacing that directory with a symlink, an attacker could use an untrusted tar file to symlink into an arbitrary location and extract arbitrary files into that location to create or overwrite arbitrary files and execute arbitrary code on the system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208442](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208442>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2021-23840](<https://vulners.com/cve/CVE-2021-23840>) \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196848](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196848>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-23841](<https://vulners.com/cve/CVE-2021-23841>) \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the X509_issuer_and_serial_hash() function. By parsing the issuer field, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-2341](<https://vulners.com/cve/CVE-2021-2341>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-35065](<https://vulners.com/cve/CVE-2021-35065>) \n**DESCRIPTION: **Node.js glob-parent module is vulnerable to a denial of service, caused by an error in the enclosure regex. By sending a specially crafted string prepended with the letter \"A\", a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208298](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208298>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-22939](<https://vulners.com/cve/CVE-2021-22939>) \n**DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions. If the https API was used incorrectly and \"undefined\" was in passed for the \"rejectUnauthorized\" parameter, an attacker could exploit this vulnerability to connect to servers using an expired certificate. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207233](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207233>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2021-29753](<https://vulners.com/cve/CVE-2021-29753>) \n**DESCRIPTION: **IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201919](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201919>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2021-37713](<https://vulners.com/cve/CVE-2021-37713>) \n**DESCRIPTION: **Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by insufficient logic on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target. An attacker could exploit this vulnerability to create or overwrite arbitrary files and execute arbitrary code on the system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n**DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n**DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-3749](<https://vulners.com/cve/CVE-2021-3749>) \n**DESCRIPTION: **axios is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the trim function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause an application to consume an excessive amount of CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208438](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208438>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-22940](<https://vulners.com/cve/CVE-2021-22940>) \n**DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 on stream canceling. An attacker could exploit this vulnerability to corrupt memory to change process behavior. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2021-22930](<https://vulners.com/cve/CVE-2021-22930>) \n**DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling. An attacker could exploit this vulnerability to corrupt memory to change process behavior. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206473](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206473>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2021-33574](<https://vulners.com/cve/CVE-2021-33574>) \n**DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a denial of service, caused by a use-after-free flaw in the mq_notify function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202550](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202550>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-20838](<https://vulners.com/cve/CVE-2019-20838>) \n**DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by a buffer over-read in JIT. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2020-14155](<https://vulners.com/cve/CVE-2020-14155>) \n**DESCRIPTION: **PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre. By sending a request with a large number, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183499](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183499>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2021-27218](<https://vulners.com/cve/CVE-2021-27218>) \n**DESCRIPTION: **GNOME GLib is vulnerable to a denial of service, caused by an error when invoking g_byte_array_new_take() with a buffer of 4GB or more on a 64-bit platform. An attacker could exploit this vulnerability to cause unintended length truncation. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196784>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-28153](<https://vulners.com/cve/CVE-2021-28153>) \n**DESCRIPTION: **GNOME GLib could allow a remote attacker to bypass security restrictions, caused by a flaw when g_file_replace() function is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink. By persuading a victim to open a specially-crafted ZIP archive, an attacker could exploit this vulnerability to overwrite arbitrary files on the sytem. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198147](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198147>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2021-3421](<https://vulners.com/cve/CVE-2021-3421>) \n**DESCRIPTION: **RPM Project RPM could allow a remote attacker to bypass security restrictions, caused by a flaw in the read function. By persuading a victim to install a seemingly verifiable package or compromise an RPM repository, an attacker could exploit this vulnerability to cause a corruption to the RPM database. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203124](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203124>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L) \n \n**CVEID: **[CVE-2021-20266](<https://vulners.com/cve/CVE-2021-20266>) \n**DESCRIPTION: **RPM Project RPM is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the hdrblobInit function in lib/header.c. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201041](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201041>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-3445](<https://vulners.com/cve/CVE-2021-3445>) \n**DESCRIPTION: **libdnf could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in signature verification functionality. By placing a signature in the main header, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203146>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2021-3517](<https://vulners.com/cve/CVE-2021-3517>) \n**DESCRIPTION: **GNOME libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by xmlEncodeEntitiesInternal() in entities.c. By sending a specially crafted file, a remote attacker could trigger an out-of-bounds read and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n**CVEID: **[CVE-2021-3516](<https://vulners.com/cve/CVE-2021-3516>) \n**DESCRIPTION: **libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in xmlEncodeEntitiesInternal() in entities.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202838](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202838>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2021-3518](<https://vulners.com/cve/CVE-2021-3518>) \n**DESCRIPTION: **GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the xmlXIncludeDoProcess() function in xinclude.c. By sending a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203144>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n**CVEID: **[CVE-2021-3537](<https://vulners.com/cve/CVE-2021-3537>) \n**DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when parsing XML mixed content in recovery mode and post-validated. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203084](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203084>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-20231](<https://vulners.com/cve/CVE-2021-20231>) \n**DESCRIPTION: **GnuTLS is vulnerable to a denial of service, caused by a use-after-free issue in client sending key_share extension. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause memory corruption and other consequences. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198173](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198173>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n**CVEID: **[CVE-2021-20232](<https://vulners.com/cve/CVE-2021-20232>) \n**DESCRIPTION: **GnuTLS is vulnerable to a denial of service, caused by a use-after-free issue in client_send_params in lib/ext/pre_shared_key.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause memory corruption and other consequences. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198172](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198172>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n**CVEID: **[CVE-2020-16135](<https://vulners.com/cve/CVE-2020-16135>) \n**DESCRIPTION: **Libssh is vulnerable to a denial of service, caused by a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186148](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186148>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-22876](<https://vulners.com/cve/CVE-2021-22876>) \n**DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain user credentials, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199186](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199186>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2021-3200](<https://vulners.com/cve/CVE-2021-3200>) \n**DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a buffer overflow in the testcase_read function. By persuading a victim to open a specially file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203837](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203837>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-2388](<https://vulners.com/cve/CVE-2021-2388>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205815](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205815>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2021-2369](<https://vulners.com/cve/CVE-2021-2369>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Library component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2021-2432](<https://vulners.com/cve/CVE-2021-2432>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-37712](<https://vulners.com/cve/CVE-2021-37712>) \n**DESCRIPTION: **Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an arbitrary file creation/overwrite vulnerability. By creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, an attacker could use an untrusted tar file to symlink into an arbitrary location and extract arbitrary files into that location to create or overwrite arbitrary files and execute arbitrary code on the system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208450>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2021-23440](<https://vulners.com/cve/CVE-2021-23440>) \n**DESCRIPTION: **Nodejs set-value module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2021-22931](<https://vulners.com/cve/CVE-2021-22931>) \n**DESCRIPTION: **Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause output of wrong hostnames leading to Domain Hijacking and and injection vulnerabilities in applications using the library. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-23382](<https://vulners.com/cve/CVE-2021-23382>) \n**DESCRIPTION: **Node.js postcss module is vulnerable to a denial of service, caused by a regular expression denial of Service (ReDoS) flaw in the getAnnotationURL() and loadAnnotation() functions in lib/previous-map.js. By sending specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200772](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200772>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-32803](<https://vulners.com/cve/CVE-2021-32803>) \n**DESCRIPTION: **Node.js tar module could allow a local attacker to traverse directories on the system, caused by insufficient symlink protection. An attacker could use a specially-crafted tar file containing \"dot dot\" sequences (/../) to create or overwrite arbitrary files on the system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206717](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206717>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Cloud Pak for Automation | V21.0.1 \nV21.0.2 \nV21.0.3 \n \n## Remediation/Fixes\n\nThe recommended action is to upgrade to the latest cumulative security fix for your release and consider upgrading to the latest release.\n\n * [IBM Cloud Pak for Automation 21.0.1-IF007](<https://www.ibm.com/support/pages/node/6517704> \"IBM Cloud Pak for Automation 21.0.1-IF007\" )\n * [IBM Cloud Pak for Automation 21.0.2-IF007](<https://www.ibm.com/support/pages/node/6539964> \"IBM Cloud Pak for Automation 21.0.2-IF007\" )\n * [IBM Cloud Pak for Automation 21.0.3-IF002](<https://www.ibm.com/support/pages/node/6539966> \"IBM Cloud Pak for Automation 21.0.3-IF002\" )\n\nRepackaged public images used in **demo** deployments were not updated in **21.0.1** to fix some of the reported CVEs. Create your demo environments using the latest release. \nCVE-2021-33574, CVE-2020-14155, CVE-2021-28153, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-20231, CVE-2021-20232, CVE-2021-22876, CVE-2021-23840, CVE-2021-27218: \n\n * cp.icr.io/cp/cp4a/demo/openldap:1.3.0\n * cp.icr.io/cp/cp4a/demo/phpldapadmin:0.9.0\n * cp.icr.io/cp/cp4a/demo/gitea:1.12.3\n * cp.icr.io/cp/cp4a/demo/alpine:3.6\n * cp.icr.io/cp/cp4a/demo/busybox:1.32\n\nCVE-2021-23841 is marked as \"Will Not Fix\" by Red Hat, see <https://access.redhat.com/security/cve/CVE-2021-23841> and is reported for **all images**. The vulnerable function is never invoked by openSSL itself, hence openSSL is not affected. There is no use case in Cloud Pak for Automation to invoke openSSL for signing a certificate with user provided input for the issuer field. Based on current information, we share this assessment for Cloud Pak for Automation.\n\nCVE-2020-16135 is not yet included in Red Hat Universal Base Image and is reported for **all images**. It is rated low severity and will be picked up with future security updates.\n\nCVE-2021-37712, CVE-2021-37713, and CVE-2021-37701 are fixed in a shared Node JS docker layer and hence fixed for all components building on top of it. The **IBM ****Advanced Document Processing (IADP) component in 21.0.3 **packages its own copy of Node JS and has not included fixes for these CVEs. Based on current information, IADP is assessed as not affected, due the application specific use of this library: \n\n * cp.icr.io/cp/cp4a/iadp/backend:21.0.3-IF002\n\nThe **IBM ****Advanced Document Processing (IADP) component in 21.0.1** builds upon Red Hat Universal Base Image 7.x and cannot be upgraded. The following CVEs have not been addressed for this component. The only mitigation is to upgrade to 21.0.2 or later when using any of the IADP images: CVE-2021-33574, CVE-2020-14155, CVE-2021-27218, CVE-2021-28153, CVE-2021-3421, CVE-2021-20266, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-22876 \n\n * cp.icr.io/cp/cp4a/iadp/rabbitmq:21.0.1-IF007\n * cp.icr.io/cp/cp4a/iadp/redis:21.0.1-IF007\n * cp.icr.io/cp/cp4a/iadp/natural_language_extractor:21.0.1-IF007\n * cp.icr.io/cp/cp4a/iadp/deep_learning:21.0.1-IF007\n * cp.icr.io/cp/cp4a/iadp/viewone:21.0.1-IF007\n * cp.icr.io/cp/cp4a/iadp/cdra:21.0.1-IF007\n * cp.icr.io/cp/cp4a/iadp/cpds:21.0.1-IF007\n * cp.icr.io/cp/cp4a/iadp/cds:21.0.1-IF007\n * cp.icr.io/cp/cp4a/iadp/gitgateway:21.0.1-IF007\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-19T16:26:59", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities fixed in Cloud Pak for Automation components", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20838", "CVE-2020-14155", "CVE-2020-16135", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-22876", "CVE-2021-22930", "CVE-2021-22931", "CVE-2021-22939", "CVE-2021-22940", "CVE-2021-23382", "CVE-2021-2341", "CVE-2021-23440", "CVE-2021-2369", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-2388", "CVE-2021-2432", "CVE-2021-27218", "CVE-2021-28153", "CVE-2021-29753", "CVE-2021-29842", "CVE-2021-3200", "CVE-2021-32803", "CVE-2021-33574", "CVE-2021-3421", "CVE-2021-3445", "CVE-2021-35065", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3537", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-3749", "CVE-2021-37701", "CVE-2021-37712", "CVE-2021-37713"], "modified": "2022-01-19T16:26:59", "id": "6DFE02E47206439339CF69003DED7C6A339BE8A9FDA6611EA300ACF64BDB9DD1", "href": "https://www.ibm.com/support/pages/node/6541298", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2023-02-06T20:12:16", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.21.1), rh-nodejs14-nodejs-nodemon (2.0.20). (BZ#2129806, BZ#2135519, BZ#2135520, BZ#2141022)\n\nSecurity Fix(es):\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* rh-nodejs14-nodejs: Provide full-i18n subpackage (BZ#2009880)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-06T19:29:10", "type": "redhat", "title": "(RHSA-2023:0612) Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35065", "CVE-2021-44906", "CVE-2022-0235", "CVE-2022-24999", "CVE-2022-3517", "CVE-2022-43548"], "modified": "2023-02-06T19:31:00", "id": "RHSA-2023:0612", "href": "https://access.redhat.com/errata/RHSA-2023:0612", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-30T14:04:39", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-30T12:25:33", "type": "redhat", "title": "(RHSA-2023:1533) Important: nodejs:14 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35065", "CVE-2021-44906", "CVE-2022-24999", "CVE-2022-25881", "CVE-2022-3517", "CVE-2022-35256", "CVE-2022-38900", "CVE-2022-43548", "CVE-2022-4904", "CVE-2023-23918", "CVE-2023-23920"], "modified": "2023-03-30T12:26:00", "id": "RHSA-2023:1533", "href": "https://access.redhat.com/errata/RHSA-2023:1533", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T15:07:30", "description": "Logging Subsystem 5.6.1 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2023-02-09T13:59:38", "type": "redhat", "title": "(RHSA-2023:0634) Moderate: Red Hat OpenShift (Logging Subsystem) security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-35065", "CVE-2021-46848", "CVE-2022-35737", "CVE-2022-3821", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-43680", "CVE-2022-44617", "CVE-2022-46175", "CVE-2022-46285", "CVE-2022-4883"], "modified": "2023-02-09T13:59:55", "id": "RHSA-2023:0634", "href": "https://access.redhat.com/errata/RHSA-2023:0634", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-01T22:13:57", "description": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-01T21:56:34", "type": "redhat", "title": "(RHSA-2023:1049) Important: Red Hat Single Sign-On 7.6.2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14040", "CVE-2018-14042", "CVE-2019-11358", "CVE-2020-11022", "CVE-2020-11023", "CVE-2021-35065", "CVE-2021-44906", "CVE-2022-1274", "CVE-2022-1438", "CVE-2022-1471", "CVE-2022-2237", "CVE-2022-24785", "CVE-2022-25857", "CVE-2022-2764", "CVE-2022-31129", "CVE-2022-37603", "CVE-2022-3782", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-3916", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-4137", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-45047", "CVE-2022-45693", "CVE-2022-46175", "CVE-2022-46363", "CVE-2022-46364", "CVE-2023-0091", "CVE-2023-0264"], "modified": "2023-03-01T21:57:02", "id": "RHSA-2023:1049", "href": "https://access.redhat.com/errata/RHSA-2023:1049", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-09T06:14:29", "description": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-01T21:38:48", "type": "redhat", "title": "(RHSA-2023:1045) Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14040", "CVE-2018-14042", "CVE-2019-11358", "CVE-2020-11022", "CVE-2020-11023", "CVE-2021-35065", "CVE-2021-44906", "CVE-2022-1274", "CVE-2022-1438", "CVE-2022-1471", "CVE-2022-24785", "CVE-2022-25857", "CVE-2022-2764", "CVE-2022-31129", "CVE-2022-37603", "CVE-2022-3782", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-3916", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-4137", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-45047", "CVE-2022-45693", "CVE-2022-46175", "CVE-2022-46363", "CVE-2022-46364", "CVE-2023-0091", "CVE-2023-0264"], "modified": "2023-03-09T04:56:42", "id": "RHSA-2023:1045", "href": "https://access.redhat.com/errata/RHSA-2023:1045", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-09T06:14:29", "description": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-01T21:38:43", "type": "redhat", "title": "(RHSA-2023:1043) Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14040", "CVE-2018-14042", "CVE-2019-11358", "CVE-2020-11022", "CVE-2020-11023", "CVE-2021-35065", "CVE-2021-44906", "CVE-2022-1274", "CVE-2022-1438", "CVE-2022-1471", "CVE-2022-24785", "CVE-2022-25857", "CVE-2022-2764", "CVE-2022-31129", "CVE-2022-37603", "CVE-2022-3782", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-3916", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-4137", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-45047", "CVE-2022-45693", "CVE-2022-46175", "CVE-2022-46363", "CVE-2022-46364", "CVE-2023-0091", "CVE-2023-0264"], "modified": "2023-03-09T04:55:12", "id": "RHSA-2023:1043", "href": "https://access.redhat.com/errata/RHSA-2023:1043", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-09T00:14:29", "description": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-01T21:38:46", "type": "redhat", "title": "(RHSA-2023:1044) Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14040", "CVE-2018-14042", "CVE-2019-11358", "CVE-2020-11022", "CVE-2020-11023", "CVE-2021-35065", "CVE-2021-44906", "CVE-2022-1274", "CVE-2022-1438", "CVE-2022-1471", "CVE-2022-24785", "CVE-2022-25857", "CVE-2022-2764", "CVE-2022-31129", "CVE-2022-37603", "CVE-2022-3782", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-3916", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-4137", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-45047", "CVE-2022-45693", "CVE-2022-46175", "CVE-2022-46363", "CVE-2022-46364", "CVE-2023-0091", "CVE-2023-0264"], "modified": "2023-03-08T22:44:39", "id": "RHSA-2023:1044", "href": "https://access.redhat.com/errata/RHSA-2023:1044", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T22:13:57", "description": "Red Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices.\n\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use\nwithin the Red Hat OpenShift Container Platform (from the release of 3.11\nup to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)\nfor on-premise or private cloud deployments, aligning with the standalone\nproduct release.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-01T21:39:40", "type": "redhat", "title": "(RHSA-2023:1047) Important: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14040", "CVE-2018-14042", "CVE-2019-11358", "CVE-2020-11022", "CVE-2021-35065", "CVE-2021-44906", "CVE-2022-1274", "CVE-2022-1438", "CVE-2022-1471", "CVE-2022-24785", "CVE-2022-25857", "CVE-2022-2764", "CVE-2022-31129", "CVE-2022-37603", "CVE-2022-3782", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-3916", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-4039", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-45047", "CVE-2022-45693", "CVE-2022-46175", "CVE-2022-46363", "CVE-2022-46364", "CVE-2022-47629", "CVE-2023-0091", "CVE-2023-0264", "CVE-2023-21835", "CVE-2023-21843"], "modified": "2023-03-01T21:40:06", "id": "RHSA-2023:1047", "href": "https://access.redhat.com/errata/RHSA-2023:1047", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T02:24:09", "description": "Migration Toolkit for Applications 6.0.1 Images\n\nSecurity Fix(es) from Bugzilla:\n\n* loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-28T00:48:46", "type": "redhat", "title": "(RHSA-2023:0934) Important: Migration Toolkit for Applications security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-36567", "CVE-2021-35065", "CVE-2021-46848", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-2056", "CVE-2022-2057", "CVE-2022-2058", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23521", "CVE-2022-24999", "CVE-2022-2519", "CVE-2022-2520", "CVE-2022-2521", "CVE-2022-25308", "CVE-2022-25309", "CVE-2022-25310", "CVE-2022-2601", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-2867", "CVE-2022-2868", "CVE-2022-2869", "CVE-2022-2953", "CVE-2022-30293", "CVE-2022-35737", "CVE-2022-37601", "CVE-2022-37603", "CVE-2022-3775", "CVE-2022-3787", "CVE-2022-3821", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41717", "CVE-2022-41903", "CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012", "CVE-2022-42898", "CVE-2022-42920", "CVE-2022-43680", "CVE-2022-46175", "CVE-2022-47629", "CVE-2023-21830", "CVE-2023-21835", "CVE-2023-21843"], "modified": "2023-03-01T00:30:47", "id": "RHSA-2023:0934", "href": "https://access.redhat.com/errata/RHSA-2023:0934", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}