CVE-2021-28163

🗓️ 01 Apr 2021 14:20:13Reported by eclipseType

Jetty allows symlinked webapps leading to unintentional exposur

Reporter	Title	Published	Views	Family All 94
IBM Security Bulletins	Security Bulletin: IBM MQ is vulnerable to multiple Eclipse Jetty issues	24 Jun 202216:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM InfoSphere Information Server	17 May 202302:32	–	ibm
IBM Security Bulletins	Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester	29 Mar 202206:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM Installation Manager and IBM Packaging Utility	24 Jun 202116:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway uses Eclipse Jetty with multiple known vulnerabilities	6 Jun 202218:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	3 Dec 202118:47	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	29 Jun 202123:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Rational Change 5.3.2 Fix Pack 04 and earlier versions.	11 Oct 202208:56	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Eclipse Jetty affect Rational Performance Tester (CVE-2021-28169, CVE-2021-34428, CVE-2021-28163, CVE-2021-28164, CVE-2021-34429, CVE-2021-28165)	29 Jul 202220:31	–	ibm
IBM Security Bulletins	Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2	7 May 202419:54	–	ibm

[
  {
    "product": "Eclipse Jetty",
    "vendor": "The Eclipse Foundation",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "9.4.32",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.4.38",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "10.0.0.beta2",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "10.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "11.0.0.beta2",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "11.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2022.html
lists	www.lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E
lists	www.lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E
lists	www.lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E
lists	www.lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E
lists	www.lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E
lists	www.lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E
lists	www.lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E
lists	www.lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3%40%3Cissues.solr.apache.org%3E
lists	www.lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E

19 Apr 2022 23:54Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.12.7

EPSS0.0418

CWE-200