Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2021-3563
HistoryAug 26, 2022 - 4:15 p.m.

CVE-2021-3563

2022-08-2616:15:08
CWE-863
redhat
web.nvd.nist.gov
69
3
cve-2021-3563
openstack
keystone
data confidentiality
data integrity
password complexity

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

High

EPSS

0.009

Percentile

82.9%

JSON

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

Affected configurations

Nvd
Node
openstackkeystone
Node
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
Node
redhatopenstack_platformMatch10.0
OR
redhatopenstack_platformMatch13.0
OR
redhatopenstack_platformMatch16.1
OR
redhatopenstack_platformMatch16.2
VendorProductVersionCPE
openstackkeystone*cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
redhatopenstack_platform10.0cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:*
redhatopenstack_platform13.0cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
redhatopenstack_platform16.1cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
redhatopenstack_platform16.2cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "keystone",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Not-known"
      }
    ]
  }
]

Social References

More

Related

prion 1
debiancve 1
redhatcve 1
veracode 1
ubuntucve 1
cvelist 1
nvd 1
osv 3
github 1
debian 1
nessus 1
openvas 1
ibm 1
prion
prion
Design/Logic Flaw
2022-08-26 16:15:00
debiancve
debiancve
CVE-2021-3563
2022-08-26 16:15:08
redhatcve
redhatcve
CVE-2021-3563
2021-05-21 12:15:42
veracode
veracode
Incorrect Authorization
2024-01-13 13:49:53
ubuntucve
ubuntucve
CVE-2021-3563
2022-08-26 00:00:00
cvelist
cvelist
CVE-2021-3563
2022-08-26 15:25:41
nvd
nvd
CVE-2021-3563
2022-08-26 16:15:08
osv
osv
Openstack Keystone Incorrect Authorization vulnerability
2022-08-27 00:00:44
CVE-2021-3563
2022-08-26 16:15:08
keystone - security update
2024-01-21 00:00:00
github
github
Openstack Keystone Incorrect Authorization vulnerability
2022-08-27 00:00:44
debian
debian
[SECURITY] [DLA 3714-1] keystone security update
2024-01-21 21:45:45
nessus
nessus
Debian dla-3714 : keystone - security update
2024-01-22 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3714-1)
2024-01-22 00:00:00
ibm
ibm
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
2023-06-20 04:41:00

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

High

EPSS

0.009

Percentile

82.9%

JSON
Related for CVE-2021-3563
prion1debiancve1redhatcve1veracode1ubuntucve1cvelist1nvd1osv3github1debian1nessus1openvas1ibm1