[SECURITY] [DSA 4949-1] jetty9 security update

2021-08-04T21:52:09

Description

- ------------------------------------------------------------------------- Debian Security Advisory DSA-4949-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 04, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : jetty9 CVE ID : CVE-2019-10241 CVE-2019-10247 CVE-2020-27216 CVE-2020-27223 CVE-2020-28165 CVE-2020-28169 CVE-2021-34428 Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in cross-site scripting, information disclosure, privilege escalation or denial of service. For the stable distribution (buster), these problems have been fixed in version 9.4.16-0+deb10u1. We recommend that you upgrade your jetty9 packages. For the detailed security status of jetty9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jetty9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org

Affected Package

OS	OS Version	Package Name	Package Version
Debian	9	libjetty9-extra-java	9.2.30-0+deb9u1
Debian	9	jetty9	9.2.30-0+deb9u1
Debian	9	libjetty9-java	9.2.30-0+deb9u1
Debian	10	libjetty9-java	9.4.16-0+deb10u1
Debian	10	libjetty9-extra-java	9.4.16-0+deb10u1
Debian	10	jetty9	9.4.16-0+deb10u1

{"id": "DEBIAN:DSA-4949-1:1212B", "vendorId": null, "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 4949-1] jetty9 security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4949-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 04, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : jetty9\nCVE ID : CVE-2019-10241 CVE-2019-10247 CVE-2020-27216 CVE-2020-27223 \n CVE-2020-28165 CVE-2020-28169 CVE-2021-34428\n\nMultiple vulnerabilities were discovered in Jetty, a Java servlet engine\nand webserver which could result in cross-site scripting, information\ndisclosure, privilege escalation or denial of service.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 9.4.16-0+deb10u1.\n\nWe recommend that you upgrade your jetty9 packages.\n\nFor the detailed security status of jetty9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/jetty9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "published": "2021-08-04T21:52:09", "modified": "2021-08-04T21:52:09", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://lists.debian.org/debian-security-announce/2021/msg00132.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2019-10241", "CVE-2019-10247", "CVE-2020-27216", "CVE-2020-27223", "CVE-2020-28165", "CVE-2020-28169", "CVE-2021-34428"], "immutableFields": [], "lastseen": "2022-02-16T11:35:37", "viewCount": 71, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2020-3308"]}, {"type": "cve", "idList": ["CVE-2019-10241", "CVE-2019-10247", "CVE-2020-27216", "CVE-2020-27223", "CVE-2020-28165", "CVE-2020-28169", "CVE-2021-34428"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2661-1:5DE5A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-10241", "DEBIANCVE:CVE-2019-10247", "DEBIANCVE:CVE-2020-27216", "DEBIANCVE:CVE-2020-27223", "DEBIANCVE:CVE-2021-34428"]}, {"type": "exploitdb", "idList": ["EDB-ID:49363"]}, {"type": "f5", "idList": ["F5:K01869532", "F5:K18484125", "F5:K41412302", "F5:K51975973"]}, {"type": "github", "idList": ["GHSA-7VX9-XJHR-RW6H", "GHSA-G3WG-6MCF-8JJ6", "GHSA-M394-8RWW-3JR7", "GHSA-M6CP-VXJX-65J6", "GHSA-XC67-HJX6-CGG6"]}, {"type": "githubexploit", "idList": ["194C161A-A17E-51A4-97CC-179E45EC7253", "4932E4D5-8D46-570E-A004-353D5B00BE57"]}, {"type": "ibm", "idList": ["026861C8F37CB442AEB06F08CB67784AB6226E1C2C5830E2D4227D71E9453C5B", "0CDA7C10442B705C677D939E4525A0FD2BF6C2E3CCD7C1AC57DA125C095DD3F3", "101D9839DC4D3A67F5CA5070D8255AEF01378A1F2F94126A2F00868A71C2B71A", "1684DEC3DF3BB9E78C84E76D9D7057965A40ADC07F69C113F4E928D34BF0D671", "1816205804EFBBBBB94018144A008A33799E226A9B559AA545872E5FBE25A885", "1A030187296C45282C7919058ADD8AA1992811C3B3D7481CF22AA0E13A7F5096", "1AA4611E8CEF92D7DAB3035A8D24E6E9D88F1CF99EEC6736B41463D5EEF4773E", "1DC9078E2D1CA7D5784B1FC9BDA067B8531DD5665DE952284FBF28A882CBE820", "1F707BCFF7B87B9F76A41F8C24CF01CE9AF5A20146DFADFAD12F1F209431504F", "2AD1F86BAC93366F89BAA6BECFE551E5D80A650C29A4222CD9BF66F9689BF3F3", "2C070ACA838DF756EF2C6663B3A4CC8D6546936B4E9067A8CC8F4E89004415FB", "2DD33EDACA0BB82F4B5458A08C6886655FE63C68C3DB81837B804B712F21638E", "39C214FD5E5504CD5F6F1D889575FBD4E81A443FEF59E6207CD831893A63CFFE", "3E7141042BE5B9E1A55ADA05F6035C03E394EF7DC2BDEDF57AEB4C33DF04D003", "3F1E93CED935A8B73DF4F559D8444A47F42A24D3C4458A3E6BDE3B7C2F9CF9D0", "570AF6CDC4F7E864E6852EBD03923041C13A884B424AC254820AD0EEB73694DF", "573F294E16A1C9B7682B48604209232E9D20CDAD4F9D09F633AA855F804E24CD", "5EECFC5C8DC24CAFE9B7AB5FC12D78B14281213BEAB82B828C710EEE945957CC", "6195FD892AA154A172FA62D1C3179F1BED3A69333139BC056B6242D7A468E832", "654EC4741C192A4D4B8ACB967C8C2D31BEFC1442C9B7DCC262604FE1AE69DF3B", "6B0EA5EC8A444AC10EC1F200C7B61DAF5E4F6E89E5C2943D1BA5016D81598440", "72E563FF799565BA0BAC30781F2F7618D43BA295DE1DABC0839C7F0ECB363255", "75A547F3BA75C8FD5BF5185CE11155B9F37CBC820B9102C0531E0C7785BA8B78", "7AF5E457957D525BF4860A192FFBA4A63C528432C2CE1B5DDAC50B96EBBF9A8E", "86A0B847D48ABE8E582B1C33E6C19AB73FD9D93A80B340CCDC1D166A92F95ED8", "8DF333F79E75C38BAF5D10978D2A5980C7BCD16722EBEF4A77847AA9601A851D", "96B34DECBD5111CA099BBF02896DC500AFE9357A8C64E783BBC560AB34F745F2", "9B7484C34C9F34F0426B6E8110F51B91DBBF139DD14849DC744E1B348D2F480F", "A104F357C85C98F8863EC17E0968EE2F520A9E4DA3A10DBF1287F2CDE17AFD04", "A286BD77B3C7FBE86C2323B3D9F433CB3B367EDDC062CD70A992ABBC521C41B7", "A2986B3F1E7D262A7D84A42B3E6305CB140E7761D5A0E56DB1A501FFE61D4E56", "AA9924D97A331BFEF405C5965F86807ACBF07005A06B3D61D1E7556C355A7841", "AB595BAD745ACCEB2CA1F5A7FC0DC9717FFDD74D2EEC460390003F7C91DD4FFD", "B0FF85DCDE8644B3484BD6CF258480DD40154E7BDFEEDF7A128BF747F3AC618F", "B236D3400A0C6106EC62C77931DC3654EEBAB6EEA563B3344ECFF477FD634E81", "B5F498C2528C0E625760D72F802C203FB63AC6B3CBD1D27268D5F386CC4385CE", "B9C7132D775DE65C4A7C7EA65CB4611218B4F54983B765131C39E74D07EE9525", "CA7B69C6C25B5CD3E67C5E490475138F56E88AC0B9EF3B3DB16A58692CDC85F8", "D783A7F4DFFB9905E79E357ACA80CE9623FFC55147AEC4BAF71DFFC0CC45C9F3", "E298AFAE6C10545EEFE2EDCB1E58ACEB81769C82FC173BB89206A046496B5501", "E4A28F8F68186CEA27D3FEB20460BE3334CBCA58BC4385BFB2DAC3333FEF6C4B", "E6075AA4421CDE4C93FB6FE776168FD888F3E662A7F0CD9B705035929B13694E", "EAE3626D697DD9AA184F2FB8430E9808A349261E042A2F475F1558DE0474E3B5", "EB9C97E1767E99DB5972AA6DB53446FFC1D2256CC95E283AD514F18189053A41", "F3E9AF17DCD2EBC47BC32D0E05B6ACDCBFDDAF3EB47FFAC93CFD0FEBBBC04F7E", "F9336FFC545BDCFCB6E2911A06416BD29601F97D9670FD8B6FE980BAB262EA22", "FF60AB2CCC42CBF13C1B6FA8A219EC72D17B3DCC11F28A2485862DCCD8A4C2EC"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2661.NASL", "DEBIAN_DSA-4949.NASL", "F5_BIGIP_SOL18484125.NASL", "REDHAT-RHSA-2020-5168.NASL", "REDHAT-RHSA-2021-2431.NASL", "REDHAT-RHSA-2021-2499.NASL", "REDHAT-RHSA-2021-2517.NASL", "WEB_APPLICATION_SCANNING_112990", "WEB_APPLICATION_SCANNING_112991", "WEB_APPLICATION_SCANNING_112992", "WEB_APPLICATION_SCANNING_112996", "WEB_APPLICATION_SCANNING_112997", "WEB_APPLICATION_SCANNING_112998", "WEB_APPLICATION_SCANNING_113002"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142309", "OPENVAS:136141256231014231", "OPENVAS:1361412562310142312", "OPENVAS:1361412562310142313"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020", "ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUJAN2020", "ORACLE:CPUJAN2021", "ORACLE:CPUJAN2022", "ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2019-5072832", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2021"]}, {"type": "osv", "idList": ["OSV:DLA-2661-1", "OSV:DSA-4949-1", "OSV:GHSA-7VX9-XJHR-RW6H", "OSV:GHSA-G3WG-6MCF-8JJ6", "OSV:GHSA-M394-8RWW-3JR7", "OSV:GHSA-M6CP-VXJX-65J6", "OSV:GHSA-XC67-HJX6-CGG6"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:160791"]}, {"type": "redhat", "idList": ["RHSA-2020:0922", "RHSA-2020:0983", "RHSA-2020:1445", "RHSA-2020:5168", "RHSA-2020:5365", "RHSA-2021:0329", "RHSA-2021:2431", "RHSA-2021:2499", "RHSA-2021:2517", "RHSA-2021:2689", "RHSA-2021:3140", "RHSA-2021:3225", "RHSA-2021:3700", "RHSA-2021:3758", "RHSA-2021:3759", "RHSA-2021:4767", "RHSA-2021:5134"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-10241", "RH:CVE-2019-10247", "RH:CVE-2020-27216", "RH:CVE-2020-27223", "RH:CVE-2021-34428"]}, {"type": "seebug", "idList": ["SSV:99323"]}, {"type": "symantec", "idList": ["SMNTC-110476", "SMNTC-110519"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-10241", "UB:CVE-2019-10247", "UB:CVE-2020-27216", "UB:CVE-2020-27223", "UB:CVE-2021-34428"]}, {"type": "veracode", "idList": ["VERACODE:27671", "VERACODE:29523", "VERACODE:31049"]}, {"type": "zdt", "idList": ["1337DAY-ID-35614"]}]}, "score": {"value": 0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2020-3308"]}, {"type": "cve", "idList": ["CVE-2019-10241", "CVE-2019-10247", "CVE-2020-28169", "CVE-2021-34428"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2661-1:5DE5A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-10241", "DEBIANCVE:CVE-2019-10247", "DEBIANCVE:CVE-2020-27216", "DEBIANCVE:CVE-2020-27223", "DEBIANCVE:CVE-2021-34428"]}, {"type": "exploitdb", "idList": ["EDB-ID:49363"]}, {"type": "f5", "idList": ["F5:K01869532", "F5:K41412302"]}, {"type": "github", "idList": ["GHSA-7VX9-XJHR-RW6H", "GHSA-M6CP-VXJX-65J6", "GHSA-XC67-HJX6-CGG6"]}, {"type": "githubexploit", "idList": ["194C161A-A17E-51A4-97CC-179E45EC7253", "4932E4D5-8D46-570E-A004-353D5B00BE57"]}, {"type": "ibm", "idList": ["1816205804EFBBBBB94018144A008A33799E226A9B559AA545872E5FBE25A885", "B0FF85DCDE8644B3484BD6CF258480DD40154E7BDFEEDF7A128BF747F3AC618F", "D783A7F4DFFB9905E79E357ACA80CE9623FFC55147AEC4BAF71DFFC0CC45C9F3"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2020-5168.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142309", "OPENVAS:136141256231014231", "OPENVAS:1361412562310142312", "OPENVAS:1361412562310142313"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:160791"]}, {"type": "redhat", "idList": ["RHSA-2021:3759"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-27216", "RH:CVE-2020-27223", "RH:CVE-2021-34428"]}, {"type": "seebug", "idList": ["SSV:99323"]}, {"type": "symantec", "idList": ["SMNTC-110519"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-34428"]}, {"type": "zdt", "idList": ["1337DAY-ID-35614"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-10241", "epss": "0.001880000", "percentile": "0.545790000", "modified": "2023-03-17"}, {"cve": "CVE-2019-10247", "epss": "0.002490000", "percentile": "0.610350000", "modified": "2023-03-17"}, {"cve": "CVE-2020-27216", "epss": "0.000520000", "percentile": "0.183540000", "modified": "2023-03-17"}, {"cve": "CVE-2020-27223", "epss": "0.009500000", "percentile": "0.808130000", "modified": "2023-03-17"}, {"cve": "CVE-2020-28165", "epss": "0.002010000", "percentile": "0.563070000", "modified": "2023-03-17"}, {"cve": "CVE-2020-28169", "epss": "0.001680000", "percentile": "0.518920000", "modified": "2023-03-17"}, {"cve": "CVE-2021-34428", "epss": "0.000730000", "percentile": "0.296480000", "modified": "2023-03-17"}], "vulnersScore": 0.4}, "_state": {"dependencies": 1660012827, "score": 1659911586, "epss": 1679098904}, "_internal": {"score_hash": "7bc005b1691d38dc5a03a3137c6e23a6"}, "affectedPackage": [{"operator": "lt", "OS": "Debian", "packageFilename": "libjetty9-extra-java_9.2.30-0+deb9u1_all.deb", "packageVersion": "9.2.30-0+deb9u1", "arch": "all", "OSVersion": "9", "packageName": "libjetty9-extra-java"}, {"operator": "lt", "OS": "Debian", "packageVersion": "9.2.30-0+deb9u1", "arch": "all", "packageFilename": "jetty9_9.2.30-0+deb9u1_all.deb", "OSVersion": "9", "packageName": "jetty9"}, {"operator": "lt", "OS": "Debian", "packageVersion": "9.2.30-0+deb9u1", "arch": "all", "packageFilename": "libjetty9-java_9.2.30-0+deb9u1_all.deb", "OSVersion": "9", "packageName": "libjetty9-java"}, {"operator": "lt", "OS": "Debian", "OSVersion": "10", "arch": "all", "packageVersion": "9.4.16-0+deb10u1", "packageFilename": "libjetty9-java_9.4.16-0+deb10u1_all.deb", "packageName": "libjetty9-java"}, {"packageFilename": "libjetty9-extra-java_9.4.16-0+deb10u1_all.deb", "OS": "Debian", "operator": "lt", "OSVersion": "10", "arch": "all", "packageVersion": "9.4.16-0+deb10u1", "packageName": "libjetty9-extra-java"}, {"operator": "lt", "OS": "Debian", "OSVersion": "10", "arch": "all", "packageVersion": "9.4.16-0+deb10u1", "packageFilename": "jetty9_9.4.16-0+deb10u1_all.deb", "packageName": "jetty9"}]}

{"nessus": [{"lastseen": "2023-01-24T14:51:06", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4949 advisory.\n\n - In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. (CVE-2019-10241)\n\n - In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.\n (CVE-2019-10247)\n\n - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. (CVE-2020-27216)\n\n - In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. (CVE-2020-27223)\n\n - The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\\SYSTEM.\n (CVE-2020-28169)\n\n - For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.\n (CVE-2021-34428)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-05T00:00:00", "type": "nessus", "title": "Debian DSA-4949-1 : jetty9 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10241", "CVE-2019-10247", "CVE-2020-27216", "CVE-2020-27223", "CVE-2020-28165", "CVE-2020-28169", "CVE-2021-34428"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:jetty9", "p-cpe:/a:debian:debian_linux:libjetty9-extra-java", "p-cpe:/a:debian:debian_linux:libjetty9-java", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4949.NASL", "href": "https://www.tenable.com/plugins/nessus/152224", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-4949. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152224);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-10241\",\n \"CVE-2019-10247\",\n \"CVE-2020-27216\",\n \"CVE-2020-27223\",\n \"CVE-2020-28165\",\n \"CVE-2020-28169\",\n \"CVE-2021-34428\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0019\");\n script_xref(name:\"IAVA\", value:\"2019-A-0384\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Debian DSA-4949-1 : jetty9 - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-4949 advisory.\n\n - In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is\n vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet\n or ResourceHandler that is configured for showing a Listing of directory contents. (CVE-2019-10241)\n\n - In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server\n running on any OS and Jetty version combination will reveal the configured fully qualified directory base\n resource location on the output of the 404 error for not finding a Context that matches the requested\n path. The default server behavior on jetty-distribution and jetty-home will include at the end of the\n Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various\n configured contexts as HTML for users to click through to. This produced HTML includes output that\n contains the configured fully qualified directory base resource location for each context.\n (CVE-2019-10247)\n\n - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1\n thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on\n that system. A collocated user can observe the process of creating a temporary sub directory in the shared\n temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins\n the race then they will have read and write permission to the subdirectory used to unpack web\n applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of\n this temporary directory, this can lead to a local privilege escalation vulnerability. (CVE-2020-27216)\n\n - In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a\n request containing multiple Accept headers with a large number of quality (i.e. q) parameters, the\n server may enter a denial of service (DoS) state due to high CPU usage processing those quality values,\n resulting in minutes of CPU time exhausted processing those quality values. (CVE-2020-27223)\n\n - The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the\n bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\\SYSTEM.\n (CVE-2020-28169)\n\n - For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the\n SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID\n manager. On deployments with clustered sessions and multiple contexts this can result in a session not\n being invalidated. This can result in an application used on a shared computer being left logged in.\n (CVE-2021-34428)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/jetty9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-4949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-10241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-10247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-27216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-27223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-28165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-28169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-34428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/jetty9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the jetty9 packages.\n\nFor the stable distribution (buster), these problems have been fixed in version 9.4.16-0+deb10u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28165\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jetty9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjetty9-extra-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjetty9-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nrelease = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nrelease = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\npkgs = [\n {'release': '10.0', 'prefix': 'jetty9', 'reference': '9.4.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libjetty9-extra-java', 'reference': '9.4.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libjetty9-java', 'reference': '9.4.16-0+deb10u1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n release = NULL;\n prefix = NULL;\n reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jetty9 / libjetty9-extra-java / libjetty9-java');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-23T14:30:27", "description": "Several vulnerabilities were discovered in jetty, a Java servlet engine and webserver. An attacker may reveal cryptographic credentials such as passwords to a local user, disclose installation paths, hijack user sessions or tamper with collocated webapps.\n\nCVE-2017-9735\n\nJetty is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.\n\nCVE-2018-12536\n\nOn webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.\n\nCVE-2019-10241\n\nThe server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.\n\nCVE-2019-10247\n\nThe server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.\n\nCVE-2020-27216\n\nOn Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.\n\nThis update also includes several other bug fixes and improvements.\nFor more information please refer to the upstream changelog file.\n\nFor Debian 9 stretch, these problems have been fixed in version 9.2.30-0+deb9u1.\n\nWe recommend that you upgrade your jetty9 packages.\n\nFor the detailed security status of jetty9 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/jetty9\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-17T00:00:00", "type": "nessus", "title": "Debian DLA-2661-1 : jetty9 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9735", "CVE-2018-12536", "CVE-2019-10241", "CVE-2019-10247", "CVE-2020-27216"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:jetty9", "p-cpe:/a:debian:debian_linux:libjetty9-extra-java", "p-cpe:/a:debian:debian_linux:libjetty9-java", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2661.NASL", "href": "https://www.tenable.com/plugins/nessus/149518", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2661-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149518);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2017-9735\", \"CVE-2018-12536\", \"CVE-2019-10241\", \"CVE-2019-10247\", \"CVE-2020-27216\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Debian DLA-2661-1 : jetty9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were discovered in jetty, a Java servlet\nengine and webserver. An attacker may reveal cryptographic credentials\nsuch as passwords to a local user, disclose installation paths, hijack\nuser sessions or tamper with collocated webapps.\n\nCVE-2017-9735\n\nJetty is prone to a timing channel in util/security/Password.java,\nwhich makes it easier for remote attackers to obtain access by\nobserving elapsed times before rejection of incorrect passwords.\n\nCVE-2018-12536\n\nOn webapps deployed using default Error Handling, when an\nintentionally bad query arrives that doesn't match a dynamic\nurl-pattern, and is eventually handled by the DefaultServlet's static\nfile serving, the bad characters can trigger a\njava.nio.file.InvalidPathException which includes the full path to the\nbase resource directory that the DefaultServlet and/or webapp is\nusing. If this InvalidPathException is then handled by the default\nError Handler, the InvalidPathException message is included in the\nerror response, revealing the full server path to the requesting\nsystem.\n\nCVE-2019-10241\n\nThe server is vulnerable to XSS conditions if a remote client USES a\nspecially formatted URL against the DefaultServlet or ResourceHandler\nthat is configured for showing a Listing of directory contents.\n\nCVE-2019-10247\n\nThe server running on any OS and Jetty version combination will reveal\nthe configured fully qualified directory base resource location on the\noutput of the 404 error for not finding a Context that matches the\nrequested path. The default server behavior on jetty-distribution and\njetty-home will include at the end of the Handler tree a\nDefaultHandler, which is responsible for reporting this 404 error, it\npresents the various configured contexts as HTML for users to click\nthrough to. This produced HTML includes output that contains the\nconfigured fully qualified directory base resource location for each\ncontext.\n\nCVE-2020-27216\n\nOn Unix like systems, the system's temporary directory is shared\nbetween all users on that system. A collocated user can observe the\nprocess of creating a temporary sub directory in the shared temporary\ndirectory and race to complete the creation of the temporary\nsubdirectory. If the attacker wins the race then they will have read\nand write permission to the subdirectory used to unpack web\napplications, including their WEB-INF/lib jar files and JSP files. If\nany code is ever executed out of this temporary directory, this can\nlead to a local privilege escalation vulnerability.\n\nThis update also includes several other bug fixes and improvements.\nFor more information please refer to the upstream changelog file.\n\nFor Debian 9 stretch, these problems have been fixed in version\n9.2.30-0+deb9u1.\n\nWe recommend that you upgrade your jetty9 packages.\n\nFor the detailed security status of jetty9 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/jetty9\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/jetty9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/jetty9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10247\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jetty9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjetty9-extra-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjetty9-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"jetty9\", reference:\"9.2.30-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libjetty9-extra-java\", reference:\"9.2.30-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libjetty9-java\", reference:\"9.2.30-0+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-24T14:48:08", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2499 advisory.\n\n - jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\n - jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)\n\n - jetty: request containing multiple Accept headers with a large number of quality parameters may lead to DoS (CVE-2020-27223)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-29T00:00:00", "type": "nessus", "title": "RHEL 8 : OpenShift Container Platform 4.6.36 (RHSA-2021:2499)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216", "CVE-2020-27218", "CVE-2020-27223"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:jenkins"], "id": "REDHAT-RHSA-2021-2499.NASL", "href": "https://www.tenable.com/plugins/nessus/151117", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2499. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151117);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-27216\", \"CVE-2020-27218\", \"CVE-2020-27223\");\n script_xref(name:\"RHSA\", value:\"2021:2499\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 8 : OpenShift Container Platform 4.6.36 (RHSA-2021:2499)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2499 advisory.\n\n - jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\n - jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)\n\n - jetty: request containing multiple Accept headers with a large number of quality parameters may lead to\n DoS (CVE-2020-27223)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1891132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1902826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1934116\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27218\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-27216\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(226, 377, 400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/ppc64le/rhocp/4.6/debug',\n 'content/dist/layered/rhel8/ppc64le/rhocp/4.6/os',\n 'content/dist/layered/rhel8/ppc64le/rhocp/4.6/source/SRPMS',\n 'content/dist/layered/rhel8/s390x/rhocp/4.6/debug',\n 'content/dist/layered/rhel8/s390x/rhocp/4.6/os',\n 'content/dist/layered/rhel8/s390x/rhocp/4.6/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rhocp/4.6/debug',\n 'content/dist/layered/rhel8/x86_64/rhocp/4.6/os',\n 'content/dist/layered/rhel8/x86_64/rhocp/4.6/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'jenkins-2.277.3.1623853726-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:56:07", "description": "The version of Jetty installed on the remote host suffers from a potential race condition when creating temporary sub directories. If an co-located attacker wins the race, then they will have read/write privilege to the subdirectory used to unpack web applications, potentially leading to a local privilege escalation vulnerability. Note that the scanner has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Jetty < 9.4.33 Local Temp Directory Hijacking", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_113002", "href": "https://www.tenable.com/plugins/was/113002", "sourceData": "No source data", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-10T14:53:49", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5168 advisory.\n\n - jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-24T00:00:00", "type": "nessus", "title": "RHEL 7 : rh-eclipse (RHSA-2020:5168)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-antlr", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-bcel", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-bsf", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-log4j", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-oro", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-regexp", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-resolver", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-xalan2", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-commons-logging", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-commons-net", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-imageio", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-javamail", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-jdepend", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-jmf", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-jsch", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-junit", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-junit5", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-lib", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-manual", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-swing", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-testutil", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-xz", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-java", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-maven-plugin", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-tool", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apache-sshd", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apache-sshd-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apiguardian", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apiguardian-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-args4j", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-args4j-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-args4j-parent", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-css", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-demo", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-rasterizer", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-slideshow", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-squiggle", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-svgpp", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-ttf2svg", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-util", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-mail", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-pg", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-pkix", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-tls", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-cbi-plugins", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-cbi-plugins-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-decentxml", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-decentxml-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ecj", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-contributor-tools", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf-core", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf-runtime", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf-sdk", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-egit", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-core", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-runtime", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-sdk", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-xsd", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-equinox-osgi", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-gef", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-gef-sdk", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-jdt", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-jgit", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-license1", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-license2", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-m2e-core", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-m2e-workspace", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-m2e-workspace-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-mpc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-p2-discovery", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-pde", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-platform", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-pydev", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-subclipse", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-swt", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools-common", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools-servertools", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools-sourceediting", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ed25519-java", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-command", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-command-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-parent", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-runtime", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-runtime-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-shell", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-shell-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-scr", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-scr-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaewah", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaewah-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaparser", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaparser-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jchardet", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jchardet-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jctools", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jctools-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-client", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-continuation", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-http", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-io", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-jaas", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-jmx", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-security", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-server", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-servlet", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-util", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-webapp", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-xml", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jffi", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jffi-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jffi-native", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jgit", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jgit-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jna", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jna-contrib", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jna-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-constants", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-constants-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-ffi", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-ffi-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-netdb", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-netdb-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-posix", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-posix-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-x86asm", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-x86asm-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-connector-factory", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-core", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-jsch", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-pageant", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-sshagent", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-trilead-ssh2", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-usocket-jna", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-usocket-nc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-junit5", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-junit5-guide", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-junit5-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jython", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jython-demo", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jython-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jzlib", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jzlib-demo", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jzlib-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-analysis", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-analyzers-smartcn", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-backward-codecs", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-classification", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-codecs", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-grouping", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-highlighter", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-join", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-memory", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-misc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-monitor", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-queries", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-queryparser", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-sandbox", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-suggest", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-catalog", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-common", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-descriptor", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-packaging", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-plugin", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-indexer", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-indexer-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-netty", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-objectweb-asm", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-objectweb-asm-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-opentest4j", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-opentest4j-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-os-maven-plugin", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-os-maven-plugin-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-runtime", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sac", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sac-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sat4j", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-scldevel", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sequence-library", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sequence-library-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sqljet", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sqljet-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-stringtemplate", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-stringtemplate-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit-cli", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit-javahl", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-atom", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-common", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-maven-plugin", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-translate-plugin", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-xml", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-trilead-ssh2", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-trilead-ssh2-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-tycho", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-tycho-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-univocity-parsers", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-univocity-parsers-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ws-commons-util", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ws-commons-util-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xml-maven-plugin", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xml-maven-plugin-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlgraphics-commons", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlgraphics-commons-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-client", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-common", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-javadoc", "p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-server"], "id": "REDHAT-RHSA-2020-5168.NASL", "href": "https://www.tenable.com/plugins/nessus/143213", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5168. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143213);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-27216\");\n script_xref(name:\"RHSA\", value:\"2020:5168\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"RHEL 7 : rh-eclipse (RHSA-2020:5168)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5168 advisory.\n\n - jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1891132\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27216\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(377);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-antlr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-bcel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-bsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-oro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-regexp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-resolver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-xalan2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-commons-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-commons-net\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-imageio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-javamail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-jdepend\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-jmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-jsch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-junit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-junit5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-swing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-testutil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-xz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-maven-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-tool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apache-sshd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apache-sshd-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apiguardian\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apiguardian-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-args4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-args4j-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-args4j-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-css\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-rasterizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-slideshow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-squiggle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-svgpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-ttf2svg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-pg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-pkix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-tls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-cbi-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-cbi-plugins-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-decentxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-decentxml-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ecj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-contributor-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-egit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-xsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-equinox-osgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-gef\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-gef-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-jdt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-jgit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-license1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-license2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-m2e-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-m2e-workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-m2e-workspace-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-mpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-p2-discovery\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-pde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-platform\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-pydev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-subclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-swt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools-servertools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools-sourceediting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ed25519-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-command\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-command-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-runtime-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-shell-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-scr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-scr-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaewah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaewah-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaparser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaparser-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jchardet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jchardet-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jctools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jctools-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-continuation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-io\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-jaas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-servlet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jffi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jffi-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jffi-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jgit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jgit-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jna\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jna-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jna-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-constants\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-constants-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-ffi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-ffi-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-netdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-netdb-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-posix-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-x86asm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-x86asm-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-connector-factory\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-jsch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-pageant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-sshagent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-trilead-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-usocket-jna\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-usocket-nc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-junit5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-junit5-guide\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-junit5-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jython-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jython-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jzlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jzlib-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jzlib-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-analysis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-analyzers-smartcn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-backward-codecs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-classification\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-codecs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-grouping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-highlighter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-join\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-memory\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-monitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-queries\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-queryparser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-suggest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-catalog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-descriptor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-packaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-indexer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-indexer-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-objectweb-asm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-objectweb-asm-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-opentest4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-opentest4j-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-os-maven-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-os-maven-plugin-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sac-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sat4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-scldevel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sequence-library\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sequence-library-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sqljet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sqljet-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-stringtemplate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-stringtemplate-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-atom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-maven-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-translate-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-trilead-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-trilead-ssh2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-tycho\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-tycho-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-univocity-parsers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-univocity-parsers-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ws-commons-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ws-commons-util-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xml-maven-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xml-maven-plugin-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlgraphics-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlgraphics-commons-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-server\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/devtools/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/devtools/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/devtools/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/devtools/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/devtools/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/devtools/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-eclipse-4.17-6.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-ant-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-antlr-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-apache-bcel-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-apache-bsf-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-apache-log4j-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-apache-oro-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-apache-regexp-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-apache-resolver-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-apache-xalan2-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-commons-logging-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-commons-net-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-imageio-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-javadoc-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-javamail-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-jdepend-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-jmf-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-jsch-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-junit-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-junit5-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-lib-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-manual-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-swing-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-testutil-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ant-xz-1.10.9-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-antlr32-java-3.2-28.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-antlr32-javadoc-3.2-28.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-antlr32-maven-plugin-3.2-28.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-antlr32-tool-3.2-28.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-apache-sshd-2.4.0-5.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-apache-sshd-javadoc-2.4.0-5.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-apiguardian-1.1.0-6.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-apiguardian-javadoc-1.1.0-6.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-args4j-2.33-12.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-args4j-javadoc-2.33-12.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-args4j-parent-2.33-12.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-batik-1.13-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-batik-css-1.13-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-batik-demo-1.13-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-batik-javadoc-1.13-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-batik-rasterizer-1.13-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-batik-slideshow-1.13-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-batik-squiggle-1.13-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-batik-svgpp-1.13-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-batik-ttf2svg-1.13-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-batik-util-1.13-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-bouncycastle-1.67-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-bouncycastle-javadoc-1.67-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-bouncycastle-mail-1.67-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-bouncycastle-pg-1.67-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-bouncycastle-pkix-1.67-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-bouncycastle-tls-1.67-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-cbi-plugins-1.1.7-8.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-cbi-plugins-javadoc-1.1.7-8.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-decentxml-1.4-24.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-decentxml-javadoc-1.4-24.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ecj-4.17-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-contributor-tools-4.17-2.2.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-ecf-core-3.14.17-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-ecf-runtime-3.14.17-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-ecf-sdk-3.14.17-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-egit-5.9.0-1.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-emf-core-2.23.0-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-emf-runtime-2.23.0-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-emf-sdk-2.23.0-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-emf-xsd-2.23.0-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-equinox-osgi-4.17-2.2.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-gef-3.11.0-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-gef-sdk-3.11.0-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-jdt-4.17-2.2.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-jgit-5.9.0-1.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-license1-1.0.1-12.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-license2-2.0.2-2.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-m2e-core-1.16.2-3.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-m2e-workspace-0.4.0-16.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-m2e-workspace-javadoc-0.4.0-16.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-mpc-1.8.4-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-p2-discovery-4.17-2.2.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-pde-4.17-2.2.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-platform-4.17-2.2.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-pydev-8.0.0-1.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-subclipse-4.3.0-8.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-swt-4.17-2.2.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-eclipse-webtools-common-3.19.0-1.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-webtools-servertools-3.19.0-1.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-eclipse-webtools-sourceediting-3.19.0-1.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ed25519-java-0.3.0-8.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-felix-gogo-command-1.0.2-12.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-felix-gogo-command-javadoc-1.0.2-12.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-felix-gogo-parent-4-6.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-felix-gogo-runtime-1.1.0-8.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-felix-gogo-runtime-javadoc-1.1.0-8.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-felix-gogo-shell-1.1.0-6.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-felix-gogo-shell-javadoc-1.1.0-6.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-felix-scr-2.1.16-7.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-felix-scr-javadoc-2.1.16-7.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-javaewah-1.1.6-10.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-javaewah-javadoc-1.1.6-10.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-javaparser-3.14.16-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-javaparser-javadoc-3.14.16-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jchardet-1.1-23.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jchardet-javadoc-1.1-23.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jctools-3.1.0-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jctools-javadoc-3.1.0-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-client-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-continuation-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-http-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-io-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-jaas-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-javadoc-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-jmx-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-security-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-server-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-servlet-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-util-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-webapp-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jetty-xml-9.4.33-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jffi-1.2.23-2.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jffi-javadoc-1.2.23-2.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jffi-native-1.2.23-2.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jgit-5.9.0-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jgit-javadoc-5.9.0-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jna-5.4.0-7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jna-contrib-5.4.0-7.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jna-javadoc-5.4.0-7.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jnr-constants-0.9.12-7.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jnr-constants-javadoc-0.9.12-7.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jnr-ffi-2.1.8-9.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jnr-ffi-javadoc-2.1.8-9.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jnr-netdb-1.1.6-11.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jnr-netdb-javadoc-1.1.6-11.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jnr-posix-3.0.47-7.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jnr-posix-javadoc-3.0.47-7.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jnr-x86asm-1.0.2-22.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jnr-x86asm-javadoc-1.0.2-22.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jsch-agent-proxy-connector-factory-0.0.8-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jsch-agent-proxy-core-0.0.8-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jsch-agent-proxy-javadoc-0.0.8-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jsch-agent-proxy-jsch-0.0.8-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jsch-agent-proxy-pageant-0.0.8-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jsch-agent-proxy-sshagent-0.0.8-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jsch-agent-proxy-trilead-ssh2-0.0.8-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jsch-agent-proxy-usocket-jna-0.0.8-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jsch-agent-proxy-usocket-nc-0.0.8-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-junit5-5.7.0-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-junit5-guide-5.7.0-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-junit5-javadoc-5.7.0-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jython-2.7.1-14.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jython-demo-2.7.1-14.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jython-javadoc-2.7.1-14.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jzlib-1.1.3-15.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jzlib-demo-1.1.3-15.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-jzlib-javadoc-1.1.3-15.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-analysis-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-analyzers-smartcn-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-backward-codecs-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-classification-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-codecs-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-grouping-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-highlighter-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-javadoc-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-join-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-memory-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-misc-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-monitor-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-queries-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-queryparser-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-sandbox-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-lucene-suggest-8.6.3-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-maven-archetype-3.2.0-1.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-maven-archetype-catalog-3.2.0-1.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-maven-archetype-common-3.2.0-1.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-maven-archetype-descriptor-3.2.0-1.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-maven-archetype-javadoc-3.2.0-1.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-maven-archetype-packaging-3.2.0-1.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-maven-archetype-plugin-3.2.0-1.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-maven-indexer-6.0.0-5.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-maven-indexer-javadoc-6.0.0-5.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-netty-4.1.51-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-objectweb-asm-8.0.1-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-objectweb-asm-javadoc-8.0.1-1.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-opentest4j-1.2.0-4.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-opentest4j-javadoc-1.2.0-4.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-os-maven-plugin-1.6.2-2.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-os-maven-plugin-javadoc-1.6.2-2.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-runtime-4.17-6.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-sac-1.3-34.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-sac-javadoc-1.3-34.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-sat4j-2.3.5-20.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-scldevel-4.17-6.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-sequence-library-1.0.3-8.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-sequence-library-javadoc-1.0.3-8.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-sqljet-1.1.10-18.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-sqljet-javadoc-1.1.10-18.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-stringtemplate-3.2.1-24.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-stringtemplate-javadoc-3.2.1-24.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-svnkit-1.8.12-9.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-svnkit-cli-1.8.12-9.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-svnkit-javadoc-1.8.12-9.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-svnkit-javahl-1.8.12-9.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-takari-polyglot-0.4.5-2.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-takari-polyglot-atom-0.4.5-2.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-takari-polyglot-common-0.4.5-2.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-takari-polyglot-javadoc-0.4.5-2.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-takari-polyglot-maven-plugin-0.4.5-2.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-takari-polyglot-translate-plugin-0.4.5-2.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-takari-polyglot-xml-0.4.5-2.1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-trilead-ssh2-217.21-3.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-trilead-ssh2-javadoc-217.21-3.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-tycho-1.7.0-2.5.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-tycho-javadoc-1.7.0-2.5.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-univocity-parsers-2.9.0-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-univocity-parsers-javadoc-2.9.0-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ws-commons-util-1.0.2-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-ws-commons-util-javadoc-1.0.2-14.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-xml-maven-plugin-1.0.2-7.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-xml-maven-plugin-javadoc-1.0.2-7.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-xmlgraphics-commons-2.4-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-xmlgraphics-commons-javadoc-2.4-1.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-eclipse-xmlrpc-client-3.1.3-27.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-xmlrpc-common-3.1.3-27.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-xmlrpc-javadoc-3.1.3-27.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'rh-eclipse-xmlrpc-server-3.1.3-27.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-eclipse / rh-eclipse-ant / rh-eclipse-ant-antlr / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-21T15:34:37", "description": "The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K18484125 advisory.\n\n - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. (CVE-2020-27216)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-18T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Eclipse Jetty vulnerability (K18484125)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", "cpe:2.3:h:f5:big-ip_protocol_security_manager:*:*:*:*:*:*:*:*", "cpe:2.3:h:f5:big-ip:*:*:*:*:*:*:*:*"], "id": "F5_BIGIP_SOL18484125.NASL", "href": "https://www.tenable.com/plugins/nessus/161332", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K18484125.\n#\n# @NOAGENT@\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161332);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-27216\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"F5 Networks BIG-IP : Eclipse Jetty vulnerability (K18484125)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by\na vulnerability as referenced in the K18484125 advisory.\n\n - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1\n thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on\n that system. A collocated user can observe the process of creating a temporary sub directory in the shared\n temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins\n the race then they will have read and write permission to the subdirectory used to unpack web\n applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of\n this temporary directory, this can lead to a local privilege escalation vulnerability. (CVE-2020-27216)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.f5.com/csp/article/K18484125\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K18484125.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27216\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/18\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude('f5_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar version = get_kb_item('Host/BIG-IP/version');\nif ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');\nif ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');\nif ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nvar sol = 'K18484125';\nvar vmatrix = {\n 'AFM': {\n 'affected': [\n '17.0.0','16.0.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4'\n ],\n },\n 'APM': {\n 'affected': [\n '17.0.0','16.0.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4'\n ],\n },\n 'ASM': {\n 'affected': [\n '17.0.0','16.0.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4'\n ],\n },\n 'GTM': {\n 'affected': [\n '17.0.0','16.0.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4'\n ],\n },\n 'LTM': {\n 'affected': [\n '17.0.0','16.0.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4'\n ],\n },\n 'PEM': {\n 'affected': [\n '17.0.0','16.0.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4'\n ],\n },\n 'PSM': {\n 'affected': [\n '17.0.0','16.0.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4'\n ],\n },\n 'WOM': {\n 'affected': [\n '17.0.0','16.0.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4'\n ],\n }\n};\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n var extra = NULL;\n if (report_verbosity > 0) extra = bigip_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n}\nelse\n{\n var tested = bigip_get_tested_modules();\n var audit_extra = 'For BIG-IP module(s) ' + tested + ',';\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, 'running any of the affected modules');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:56:05", "description": "The version of Jetty installed on the remote host handles a request containing request headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage. Note that the scanner has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Jetty 9.4.6 < 9.4.37 Denial of Service", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112996", "href": "https://www.tenable.com/plugins/was/112996", "sourceData": "No source data", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:56:08", "description": "The version of Jetty installed on the remote host handles a request containing request headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage. Note that the scanner has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Jetty 11.0.x < 11.0.1 Denial of Service", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112998", "href": "https://www.tenable.com/plugins/was/112998", "sourceData": "No source data", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:56:08", "description": "The version of Jetty installed on the remote host handles a request containing request headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage. Note that the scanner has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Jetty 10.0.x < 10.0.1 Denial of Service", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112997", "href": "https://www.tenable.com/plugins/was/112997", "sourceData": "No source data", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-24T14:49:17", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2517 advisory.\n\n - jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\n - jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)\n\n - jetty: request containing multiple Accept headers with a large number of quality parameters may lead to DoS (CVE-2020-27223)\n\n - jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2021-21642)\n\n - jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints. (CVE-2021-21643)\n\n - jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. (CVE-2021-21644)\n\n - jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.\n (CVE-2021-21645)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 3.11.462 bug fix and (RHSA-2021:2517)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216", "CVE-2020-27218", "CVE-2020-27223", "CVE-2021-21642", "CVE-2021-21643", "CVE-2021-21644", "CVE-2021-21645"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:jenkins", "p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins"], "id": "REDHAT-RHSA-2021-2517.NASL", "href": "https://www.tenable.com/plugins/nessus/151276", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2517. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151276);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-27216\",\n \"CVE-2020-27218\",\n \"CVE-2020-27223\",\n \"CVE-2021-21642\",\n \"CVE-2021-21643\",\n \"CVE-2021-21644\",\n \"CVE-2021-21645\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2517\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11.462 bug fix and (RHSA-2021:2517)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2517 advisory.\n\n - jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\n - jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)\n\n - jetty: request containing multiple Accept headers with a large number of quality parameters may lead to\n DoS (CVE-2020-27223)\n\n - jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity\n (XXE) attacks. (CVE-2021-21642)\n\n - jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP\n endpoints. (CVE-2021-21643)\n\n - jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in\n a cross-site request forgery (CSRF) vulnerability. (CVE-2021-21644)\n\n - jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.\n (CVE-2021-21645)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1891132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1902826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1934116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1952146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1952148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1952151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1952152\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins and / or jenkins-2-plugins packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21644\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21642\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(226, 281, 352, 377, 400, 611);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/ose/3.11/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/ose/3.11/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/ose/3.11/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/ose/3.11/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/ose/3.11/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/ose/3.11/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/3.11/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/3.11/os',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/3.11/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'jenkins-2-plugins-3.11.1624366838-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'jenkins-2.289.1.1624365627-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-24T14:49:57", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2431 advisory.\n\n - jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\n - jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)\n\n - jetty: request containing multiple Accept headers with a large number of quality parameters may lead to DoS (CVE-2020-27223)\n\n - jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2021-21642)\n\n - jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints. (CVE-2021-21643)\n\n - jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. (CVE-2021-21644)\n\n - jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.\n (CVE-2021-21645)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-07-02T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 4.5.41 (RHSA-2021:2431)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216", "CVE-2020-27218", "CVE-2020-27223", "CVE-2021-21642", "CVE-2021-21643", "CVE-2021-21644", "CVE-2021-21645"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:jenkins", "p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins"], "id": "REDHAT-RHSA-2021-2431.NASL", "href": "https://www.tenable.com/plugins/nessus/151290", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2431. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151290);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-27216\",\n \"CVE-2020-27218\",\n \"CVE-2020-27223\",\n \"CVE-2021-21642\",\n \"CVE-2021-21643\",\n \"CVE-2021-21644\",\n \"CVE-2021-21645\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2431\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 4.5.41 (RHSA-2021:2431)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2431 advisory.\n\n - jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\n - jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)\n\n - jetty: request containing multiple Accept headers with a large number of quality parameters may lead to\n DoS (CVE-2020-27223)\n\n - jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity\n (XXE) attacks. (CVE-2021-21642)\n\n - jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP\n endpoints. (CVE-2021-21643)\n\n - jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in\n a cross-site request forgery (CSRF) vulnerability. (CVE-2021-21644)\n\n - jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.\n (CVE-2021-21645)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1891132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1902826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1934116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1952146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1952148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1952151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1952152\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins and / or jenkins-2-plugins packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21644\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21642\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(226, 281, 352, 377, 400, 611);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/power-le/7/7Server/ppc64le/ose/4.5/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/ose/4.5/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/ose/4.5/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/4.5/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/4.5/os',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/4.5/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/ose/4.5/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/ose/4.5/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/ose/4.5/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'jenkins-2-plugins-4.5.1623326336-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'jenkins-2.277.3.1623846768-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:56:06", "description": "According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.41, 10.0.x prior to 10.0.3 or 11.0.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities:\n\n - An issue with failure to invalidate sessions after an exception in the SessionListener#sessionDestroyed() method. (CVE-2021-34428)\n\n - A issue with permitting access to protected resources within the WEB-INF directory when accessed with doubly encoded paths. (CVE-2021-28169)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Jetty 11.0.x < 11.0.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28169", "CVE-2021-34428"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112992", "href": "https://www.tenable.com/plugins/was/112992", "sourceData": "No source data", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:56:04", "description": "According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.41, 10.0.x prior to 10.0.3 or 11.0.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities:\n\n - An issue with failure to invalidate sessions after an exception in the SessionListener#sessionDestroyed() method. (CVE-2021-34428)\n\n - A issue with permitting access to protected resources within the WEB-INF directory when accessed with doubly encoded paths. (CVE-2021-28169)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Jetty 10.0.x < 10.0.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28169", "CVE-2021-34428"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112991", "href": "https://www.tenable.com/plugins/was/112991", "sourceData": "No source data", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:56:04", "description": "According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.41, 10.0.x prior to 10.0.3 or 11.0.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities:\n\n - An issue with failure to invalidate sessions after an exception in the SessionListener#sessionDestroyed() method. (CVE-2021-34428)\n\n - A issue with permitting access to protected resources within the WEB-INF directory when accessed with doubly encoded paths. (CVE-2021-28169)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Jetty < 9.4.41 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28169", "CVE-2021-34428"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112990", "href": "https://www.tenable.com/plugins/was/112990", "sourceData": "No source data", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-25T05:01:24", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3758 advisory.\n\n - jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169)\n\n - golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\n - jetty: SessionListener can prevent a session from being invalidated breaking logout (CVE-2021-34428)\n\n - openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action (CVE-2021-36980)\n\n - coreos-installer: restrict access permissions on /boot/ignition{,/config.ign} (CVE-2021-3917)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.9.0 packages and (RHSA-2021:3758)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28169", "CVE-2021-33196", "CVE-2021-34428", "CVE-2021-36980", "CVE-2021-3917"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:coreos-installer", "p-cpe:/a:redhat:enterprise_linux:coreos-installer-bootinfra", "p-cpe:/a:redhat:enterprise_linux:jenkins", "p-cpe:/a:redhat:enterprise_linux:network-scripts-openvswitch2.15", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:openvswitch2.15", "p-cpe:/a:redhat:enterprise_linux:openvswitch2.15-devel", "p-cpe:/a:redhat:enterprise_linux:openvswitch2.15-ipsec", "p-cpe:/a:redhat:enterprise_linux:openvswitch2.15-test", "p-cpe:/a:redhat:enterprise_linux:python3-openvswitch2.15"], "id": "REDHAT-RHSA-2021-3758.NASL", "href": "https://www.tenable.com/plugins/nessus/165134", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:3758. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165134);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2021-3917\",\n \"CVE-2021-28169\",\n \"CVE-2021-33196\",\n \"CVE-2021-34428\",\n \"CVE-2021-36980\"\n );\n script_xref(name:\"RHSA\", value:\"2021:3758\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.9.0 packages and (RHSA-2021:3758)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:3758 advisory.\n\n - jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the\n WEB-INF directory (CVE-2021-28169)\n\n - golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\n - jetty: SessionListener can prevent a session from being invalidated breaking logout (CVE-2021-34428)\n\n - openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action\n (CVE-2021-36980)\n\n - coreos-installer: restrict access permissions on /boot/ignition{,/config.ign} (CVE-2021-3917)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-34428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-36980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1965503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1971016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1974891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1984473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2018478\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28169\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3917\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 276, 400, 416, 613);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:coreos-installer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:coreos-installer-bootinfra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:network-scripts-openvswitch2.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openvswitch2.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openvswitch2.15-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openvswitch2.15-ipsec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openvswitch2.15-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-openvswitch2.15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/s390x/rhocp/4.9/debug',\n 'content/dist/layered/rhel8/s390x/rhocp/4.9/os',\n 'content/dist/layered/rhel8/s390x/rhocp/4.9/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rhocp/4.9/debug',\n 'content/dist/layered/rhel8/x86_64/rhocp/4.9/os',\n 'content/dist/layered/rhel8/x86_64/rhocp/4.9/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'coreos-installer-0.10.0-2.rhaos4.9.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'coreos-installer-bootinfra-0.10.0-2.rhaos4.9.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'jenkins-2.289.3.1630554997-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'network-scripts-openvswitch2.15-2.15.0-28.el8fdp', 'release':'8', 'el_string':'el8fdp', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'openshift-hyperkube-4.9.0-202110080828.p0.git.894a78b.assembly.stream.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'openvswitch2.15-2.15.0-28.el8fdp', 'release':'8', 'el_string':'el8fdp', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'openvswitch2.15-devel-2.15.0-28.el8fdp', 'release':'8', 'el_string':'el8fdp', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'openvswitch2.15-ipsec-2.15.0-28.el8fdp', 'release':'8', 'el_string':'el8fdp', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'openvswitch2.15-test-2.15.0-28.el8fdp', 'release':'8', 'el_string':'el8fdp', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'python3-openvswitch2.15-2.15.0-28.el8fdp', 'release':'8', 'el_string':'el8fdp', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/ose/4.9/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/4.9/os',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/4.9/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/ose/4.9/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/ose/4.9/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/ose/4.9/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openshift-hyperkube-4.9.0-202110080828.p0.git.894a78b.assembly.stream.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'coreos-installer / coreos-installer-bootinfra / jenkins / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "osv": [{"lastseen": "2022-08-10T07:20:23", "description": "\nMultiple vulnerabilities were discovered in Jetty, a Java servlet engine\nand webserver which could result in cross-site scripting, information\ndisclosure, privilege escalation or denial of service.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 9.4.16-0+deb10u1.\n\n\nWe recommend that you upgrade your jetty9 packages.\n\n\nFor the detailed security status of jetty9 please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/jetty9](https://security-tracker.debian.org/tracker/jetty9)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-08-04T00:00:00", "type": "osv", "title": "jetty9 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10247", "CVE-2020-27216", "CVE-2021-28169", "CVE-2021-28165", "CVE-2020-27223", "CVE-2021-34428", "CVE-2019-10241"], "modified": "2022-08-10T07:20:11", "id": "OSV:DSA-4949-1", "href": "https://osv.dev/vulnerability/DSA-4949-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-21T08:15:28", "description": "\nSeveral vulnerabilities were discovered in jetty, a Java servlet\nengine and webserver. An attacker may reveal cryptographic credentials\nsuch as passwords to a local user, disclose installation paths, hijack\nuser sessions or tamper with collocated webapps.\n\n\n* [CVE-2017-9735](https://security-tracker.debian.org/tracker/CVE-2017-9735)\nJetty is prone to a timing channel in util/security/Password.java,\n which makes it easier for remote attackers to obtain access by\n observing elapsed times before rejection of incorrect passwords.\n* [CVE-2018-12536](https://security-tracker.debian.org/tracker/CVE-2018-12536)\nOn webapps deployed using default Error Handling, when an\n intentionally bad query arrives that doesn't match a dynamic\n url-pattern, and is eventually handled by the DefaultServlet's\n static file serving, the bad characters can trigger a\n java.nio.file.InvalidPathException which includes the full path to\n the base resource directory that the DefaultServlet and/or webapp\n is using. If this InvalidPathException is then handled by the\n default Error Handler, the InvalidPathException message is\n included in the error response, revealing the full server path to\n the requesting system.\n* [CVE-2019-10241](https://security-tracker.debian.org/tracker/CVE-2019-10241)\nThe server is vulnerable to XSS conditions if a remote client USES\n a specially formatted URL against the DefaultServlet or\n ResourceHandler that is configured for showing a Listing of\n directory contents.\n* [CVE-2019-10247](https://security-tracker.debian.org/tracker/CVE-2019-10247)\nThe server running on any OS and Jetty version combination will\n reveal the configured fully qualified directory base resource\n location on the output of the 404 error for not finding a Context\n that matches the requested path. The default server behavior on\n jetty-distribution and jetty-home will include at the end of the\n Handler tree a DefaultHandler, which is responsible for reporting\n this 404 error, it presents the various configured contexts as\n HTML for users to click through to. This produced HTML includes\n output that contains the configured fully qualified directory base\n resource location for each context.\n* [CVE-2020-27216](https://security-tracker.debian.org/tracker/CVE-2020-27216)\nOn Unix like systems, the system's temporary directory is shared\n between all users on that system. A collocated user can observe\n the process of creating a temporary sub directory in the shared\n temporary directory and race to complete the creation of the\n temporary subdirectory. If the attacker wins the race then they\n will have read and write permission to the subdirectory used to\n unpack web applications, including their WEB-INF/lib jar files and\n JSP files. If any code is ever executed out of this temporary\n directory, this can lead to a local privilege escalation\n vulnerability.\n\n\nThis update also includes several other bug fixes and\nimprovements. For more information please refer to the upstream\nchangelog file.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n9.2.30-0+deb9u1.\n\n\nWe recommend that you upgrade your jetty9 packages.\n\n\nFor the detailed security status of jetty9 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/jetty9>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-14T00:00:00", "type": "osv", "title": "jetty9 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9735", "CVE-2019-10247", "CVE-2020-27216", "CVE-2018-12536", "CVE-2019-10241"], "modified": "2022-07-21T05:53:44", "id": "OSV:DLA-2661-1", "href": "https://osv.dev/vulnerability/DLA-2661-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-11T05:43:41", "description": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-04-23T16:06:02", "type": "osv", "title": "Cross-site Scripting in Eclipse Jetty", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10241"], "modified": "2023-03-11T05:43:40", "id": "OSV:GHSA-7VX9-XJHR-RW6H", "href": "https://osv.dev/vulnerability/GHSA-7vx9-xjhr-rw6h", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-11T05:45:26", "description": "In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2019-04-23T16:07:12", "type": "osv", "title": "Installation information leak in Eclipse Jetty", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10247"], "modified": "2023-03-11T05:45:19", "id": "OSV:GHSA-XC67-HJX6-CGG6", "href": "https://osv.dev/vulnerability/GHSA-xc67-hjx6-cgg6", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-12T05:30:26", "description": "### Impact\nIf an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.\n\nThere is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out.\n\n### Workarounds\nThe application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\n", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2021-06-23T20:23:04", "type": "osv", "title": "SessionListener can prevent a session from being invalidated breaking logout", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34428"], "modified": "2023-03-12T05:30:19", "id": "OSV:GHSA-M6CP-VXJX-65J6", "href": "https://osv.dev/vulnerability/GHSA-m6cp-vxjx-65j6", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-16T23:20:47", "description": "### Impact\nWhen Jetty handles a request containing request headers with a large number of \u201cquality\u201d (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application.\n\nThe only features within Jetty that can trigger this behavior are:\n\n- Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc)\n- `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc)\n- `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which \u201cpreferred\u201d language is returned on this call.\n- `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header.\n- `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app)\n\n### Versions\n`QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. \n\nCurrently, known vulnerable versions include:\n\n- 9.4.6.v20170531 thru to 9.4.36.v20210114\n- 10.0.0\n- 11.0.0\n\n### Workarounds\n\nQuality ordered values are used infrequently by jetty so they can be avoided by:\n\n * Do not use the default error page/handler.\n * Do not deploy the `StatisticsServlet` exposed to the network\n * Do not call `getLocale` API\n * Do not enable precompressed static content in the `DefaultServlet` \n\n### Patches\n\nAll patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php)\n- 9.4.37.v20210219 and greater\n- 10.0.1 and greater \n- 11.0.1 and greater", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-03-10T03:46:47", "type": "osv", "title": "DOS vulnerability for Quoted Quality CSV headers", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2023-02-16T23:20:39", "id": "OSV:GHSA-M394-8RWW-3JR7", "href": "https://osv.dev/vulnerability/GHSA-m394-8rww-3jr7", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-12T05:36:05", "description": "### Impact\nOn Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.\n\nAdditionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable.\n\nAdditionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted.\nSee: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR\n\nFor example:\n```java\nimport java.io.File;\nimport java.io.IOException;\nimport javax.servlet.ServletContext;\nimport javax.servlet.ServletException;\nimport javax.servlet.http.HttpServlet;\nimport javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\n\npublic class ExampleServlet extends HttpServlet {\n @Override\n protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {\n File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised\n // do something with that temp dir\n }\n}\n```\n\nExample: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them.\n\n### CVSSv3.1 Evaluation\n\nThis vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1)\n\n### Patches\nFixes were applied to the 9.4.x branch with:\n- https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb\n- https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f\n\nThese will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3\n\n### Workarounds\n\nA work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system.\nFor recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory).\nAlternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below.\n\nThe Jetty search order for finding a temporary directory is as follows:\n\n1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it.\n2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it.\n3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1)\n4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it.\n5. Use `System.getProperty(\"java.io.tmpdir\")` and use it.\n\nJetty will end traversal at the first successful step.\nTo mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker.\n\n#### Setting a Jetty server temporary directory.\n\nChoices 3 and 5 apply to the server level, and will impact all deployed webapps on the server.\n\nFor choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty.\n\nFor choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty.\n\n``` shell\n[jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar\n```\n\n#### Setting a Context specific temporary directory.\n\nThe rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/<context>.xml`)\n\nExample (excluding the DTD which is version specific):\n\n``` xml\n<Configure class=\"org.eclipse.jetty.webapp.WebAppContext\">\n <Set name=\"contextPath\"><Property name=\"foo\"/></Set>\n <Set name=\"war\">/var/web/webapps/foo.war</Set>\n <Set name=\"tempDirectory\">/var/web/work/foo</Set>\n</Configure>\n```\n\n### References\n \n - https://github.com/eclipse/jetty.project/issues/5451\n - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html)\n - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html)\n - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473)\n\n### Similar Vulnerabilities\n\nSimilar, but not the same.\n\n - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp\n - Google Guava - https://github.com/google/guava/issues/4011\n - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945\n - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824\n\n### For more information\n\nThe original report of this vulnerability is below:\n\n> On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh <jonathan.leitschuh@gmail.com> wrote:\n> Hi WebTide Security Team,\n>\n> I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty.\n>\n> https://lgtm.com/query/5615014766184643449/\n>\n> I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users.\n> There exists a race condition between the deletion of the temporary file and the creation of the directory.\n>\n> ```java\n> // ensure file will always be unique by appending random digits\n> tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated\n> // delete the file that was created\n> tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty.\n> // and make a directory of the same name\n> // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory\n> tmpDir.mkdirs();\n> ```\n>\n> https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518\n>\n> In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback.\n>\n>\n> https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468\n>\n> If any code is ever executed out of this temporary directory, this can lead to a local privilege\u00a0escalation vulnerability.\n>\n> Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there?\u00a0https://github.com/eclipse/jetty.project/security/advisories\n>\n> **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.**\n>\n> Cheers,\n> Jonathan Leitschuh\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-04T17:50:24", "type": "osv", "title": "Local Temp Directory Hijacking Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15824", "CVE-2020-1945", "CVE-2020-27216"], "modified": "2023-03-12T05:36:00", "id": "OSV:GHSA-G3WG-6MCF-8JJ6", "href": "https://osv.dev/vulnerability/GHSA-g3wg-6mcf-8jj6", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-02-23T21:45:09", "description": "## Summary\n\nFix for (CVE-2019-10241) and (CVE-2019-10247). \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2019-10241_](<https://vulners.com/cve/CVE-2019-10241>) \n**DESCRIPTION:** Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/160676_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID**: [_CVE-2019-10247_](<https://vulners.com/cve/CVE-2019-10247>) \n**DESCRIPTION**: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/160610_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Network Performance Insight: 1.3.0.0\n\n## Remediation/Fixes\n\n1.3.0.0-TIV-NPI-IF0005 \n\nFix Central link: [_http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.3.0.0-TIV-NPI-IF0005&source=SAR_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.3.0.0-TIV-NPI-IF0005&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-07-24T03:15:01", "type": "ibm", "title": "Security Bulletin: IBM Network Performance Insight (CVE-2019-10241, CVE-2019-10247)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10241", "CVE-2019-10247"], "modified": "2019-07-24T03:15:01", "id": "F9336FFC545BDCFCB6E2911A06416BD29601F97D9670FD8B6FE980BAB262EA22", "href": "https://www.ibm.com/support/pages/node/959429", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-28T01:36:02", "description": "## Summary\n\nThere are multiple vulnerabilities in Eclipse Jetty that could allow an attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-27218](<https://vulners.com/cve/CVE-2020-27218>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by a flaw when GZIP request body inflation is enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject data into the body of the subsequent request. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192459>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Products/Versions guidance:**\n\n**Affected Product(s)**| **Version(s) \n** \n---|--- \nIBM Process Mining| 1.12.0.3 \n| \n \n## Remediation/Fixes\n\n**Remediation/Fixes guidance**:\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| 1.12.0.3| \n\n**Upgrade to version 1.12.0.4** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"PassPortAdvantage\" ) \n \n2\\. Search for \n**M05JKML** Process Mining 1.12.0.4 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M05JJML** Process Mining 1.12.0.4 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\n**Workarounds/Mitigation guidance**:\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2023-02-01T21:46:34", "type": "ibm", "title": "Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (Multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10241", "CVE-2019-10247", "CVE-2020-27218", "CVE-2021-28169", "CVE-2021-34428"], "modified": "2023-02-01T21:46:34", "id": "654EC4741C192A4D4B8ACB967C8C2D31BEFC1442C9B7DCC262604FE1AE69DF3B", "href": "https://www.ibm.com/support/pages/node/6574041", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-23T21:41:58", "description": "## Summary\n\nEclipse Jetty contains vulnerabilities that may allow a remote attacker to obtain sensitive information, cause execution of scripts without their knowledge and experience denial of service attacks.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2019-10241_](<https://vulners.com/cve/CVE-2019-10241>) \n**DESCRIPTION:** Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/160676_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID**: [_CVE-2019-10247_](<https://vulners.com/cve/CVE-2019-10247>) \n**DESCRIPTION**: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/160610_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-10246](<https://vulners.com/cve/CVE-2019-10246>) \n**DESCRIPTION:** Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a Listing of directory contents. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160611> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nRPT versions 8.6, 8.7, 9.0, 9.1, 9.2, 9.5.\n\n## Remediation/Fixes\n\nUpgrading to RPT version 10.0 is strongly recommended.\n\nProduct | VRMF | APAR | Remediation/First Fix \n---|---|---|--- \nRPT | 9.5 | None | Download \n<https://download4.boulder.ibm.com/sar/CMA/RAA/08cfc/0/RPTRST_PSIRT16274_9500UpdateSite.zip> \nRPT | 9.2.1.1 | None | Download \n<https://download4.boulder.ibm.com/sar/CMA/RAA/08cfa/0/RPTRST_PSIRT16274_9211UpdateSite.zip> \nRPT | 9.1.1.1 | None | Download \n<https://download4.boulder.ibm.com/sar/CMA/RAA/08cf7/0/RPTRST_PSIRT16274_9111UpdateSite.zip> \nRPT | 9.0 | None | Upgrade to version 10.0 \nRPT | 8.7 | None | Upgrade to version 10.0 \nRPT | 8.6 | None | Upgrade to version 10.0 \n \n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-12-16T16:01:20", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Rational Performance Tester", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247"], "modified": "2019-12-16T16:01:20", "id": "A286BD77B3C7FBE86C2323B3D9F433CB3B367EDDC062CD70A992ABBC521C41B7", "href": "https://www.ibm.com/support/pages/node/957497", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-23T21:36:33", "description": "## Summary\n\nThere is a vulnerability in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the IBM Java SDK updates in May 2018 and Jetty Server update in May 2019.\n\n## Vulnerability Details\n\nCVE-ID: [CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \nDescription: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160676> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\nCVE-ID: [CVE-2019-10246](<https://vulners.com/cve/CVE-2019-10246>)\n\nDescription: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a Listing of directory contents. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.\n\nCVSS Base Score: 5.3\n\nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160611> for more information\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\nCVE-ID: [CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>)\n\nDescription: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.\n\nCVSS Base Score: 5.3\n\nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160610> for more information\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nConnect:Direct Browser User Interface 1.5.0.2 through 1.5.0.2 iFix24\n\n## Remediation/Fixes\n\n**Sterling Connect:Direct Browser User Interface**\n\n| \n\n1.5.0.2\n\n| \n\niFix25\n\n| \n\n[Fix Central - 1.5.0.2](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~Other%20software~Sterling%20Connect:Direct%20Browser%20User%20Interface&query.release=1.5.0.2&query.platform=All>) \n \n---|---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-06-23T16:36:10", "type": "ibm", "title": "Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2019-10241, CVE-2019-10246 & CVE-2019-10247)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247"], "modified": "2022-06-23T16:36:10", "id": "0CDA7C10442B705C677D939E4525A0FD2BF6C2E3CCD7C1AC57DA125C095DD3F3", "href": "https://www.ibm.com/support/pages/node/1073978", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-24T01:37:09", "description": "## Summary\n\nThree Eclipse Jetty vulnerabilities were addressed by IBM Sterling Secure Proxy.\n\n## Vulnerability Details\n\nCVE-ID: [CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \nDescription: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160676> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\nCVE-ID: [CVE-2019-10246](<https://vulners.com/cve/CVE-2019-10246>) \nDescription: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a Listing of directory contents. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160611> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \nCVE-ID: [CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \nDescription: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160610> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n\n## Affected Products and Versions\n\nIBM Secure Proxy 6.0.0.0 through 6.0.0.1\n\nIBM Sterling Secure Proxy 3.4.3 through 3.4.3.2 iFix 5\n\n## Remediation/Fixes\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_APAR_**\n\n| \n\n**_How to acquire fix_** \n \n---|---|---|--- \n \nIBM Secure Proxy\n\n| \n\n6.0.0.1\n\n| \n\niFix 1\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.0.0&platform=All&function=all>) \n \nIBM Sterling Secure Proxy\n\n| \n\n3.4.3.2\n\n| \n\niFix 6\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.3.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-07-24T22:19:08", "type": "ibm", "title": "Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Sterling Secure Proxy Summary", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247"], "modified": "2020-07-24T22:19:08", "id": "1A030187296C45282C7919058ADD8AA1992811C3B3D7481CF22AA0E13A7F5096", "href": "https://www.ibm.com/support/pages/node/1095826", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-24T01:37:07", "description": "## Summary\n\nThree Eclipse Jetty vulnerabilities were addressed by IBM Sterling Secure External Authentication Server.\n\n## Vulnerability Details\n\nCVE-ID: [CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \nDescription: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160676> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\nCVE-ID: [CVE-2019-10246](<https://vulners.com/cve/CVE-2019-10246>) \nDescription: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a Listing of directory contents. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160611> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \nCVE-ID: [CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \nDescription: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160610> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n\n## Affected Products and Versions\n\nIBM Secure External Authentication Server 6.0.0.0 through 6.0.0.1\n\nIBM Sterling Secure External Authentication Server 2.4.3 through 2.4.3.2 iFix 5\n\n## Remediation/Fixes\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_APAR_**\n\n| \n\n**_How to acquire fix_** \n \n---|---|---|--- \n \nIBM Secure External Authentication Server\n\n| \n\n6.0.0.1\n\n| \n\niFix 1\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.0.0&platform=All&function=all>) \n \nIBM Sterling Secure External Authentication Server\n\n| \n\n2.4.3.2\n\n| \n\niFix 6\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=2.4.3.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-07-24T22:19:08", "type": "ibm", "title": "Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Sterling Secure External Authentication Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247"], "modified": "2020-07-24T22:19:08", "id": "2DD33EDACA0BB82F4B5458A08C6886655FE63C68C3DB81837B804B712F21638E", "href": "https://www.ibm.com/support/pages/node/1095838", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:43:41", "description": "## Summary\n\nThere are vulnerabilities in various versions of Eclipse Jetty that affect Apache Solr. The vulnerabilities are in Vulnerability Details section.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-10246](<https://vulners.com/cve/CVE-2019-10246>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a Listing of directory contents. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160611](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160611>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nLog Analysis| 1.3.1 \nLog Analysis| 1.3.2 \n \nLog Analysis| 1.3.3 \n \nLog Analysis| 1.3.4 \n \nLog Analysis| 1.3.5 \n \nLog Analysis| 1.3.6 \n \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s) :| Fix details \n---|--- \nIBM Operations Analytics - Log Analysis version 1.3.x| Upgrade to Log Analysis version 1.3.7 \nDownload the 1.3.7-TIV-IOALA-FP [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Log+Analysis&release=1.3.7&platform=All&function=all> \"here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-04-20T06:01:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Apache Solr shipped with IBM Operations Analytics - Log Analysis", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247"], "modified": "2021-04-20T06:01:01", "id": "FF60AB2CCC42CBF13C1B6FA8A219EC72D17B3DCC11F28A2485862DCCD8A4C2EC", "href": "https://www.ibm.com/support/pages/node/6445357", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-28T21:36:10", "description": "## Summary\n\nIBM Security Verify Governance is vulnerable to multiple security threats due to vulnarabilities in Eclipse Jetty (CVE-2019-10247, CVE-2021-34428, CVE-2017-7656, CVE-2019-10241, CVE-2021-28169, CVE-2017-7657, CVE-2017-7658, CVE-2016-4800, CVE-2020-27223, CVE-2022-2047). The fixed version linked below removes Jetty JARs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-7656](<https://vulners.com/cve/CVE-2017-7656>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2017-7657](<https://vulners.com/cve/CVE-2017-7657>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-7658](<https://vulners.com/cve/CVE-2017-7658>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145522](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145522>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2016-4800](<https://vulners.com/cve/CVE-2016-4800>) \n** DESCRIPTION: **Jetty could allow a remote attacker to bypass security restrictions, caused by a n implementation error in the path normalization mechanism when parsing URL requests. By sending a specially crafted request containing specific escaped characters, an attacker could exploit this vulnerability to gain access to restricted resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-27223](<https://vulners.com/cve/CVE-2020-27223>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust minutes of CPU time. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197559>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-2047](<https://vulners.com/cve/CVE-2022-2047>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a specially-crafted request, an attacker could exploit this vulnerability to the HttpClient and ProxyServlet/AsyncProxyServlet/AsyncMiddleManServlet wrongly interpreting an authority with no host as one with a host. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230668>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Verify Governance| 10.0 \n \n\n\n## Remediation/Fixes\n\n**IBM encourages customers to update their systems promptly.**\n\nAffected Product(s)\n\n| \n\nVersion(s)\n\n| \n\nFirst Fix \n \n---|---|--- \n \nIBM Security Verify Governance\n\n| \n\n10.0.1\n\n| \n\n[10.0.1.0-ISS-ISVG-IGVA-FP0003](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.1.0&platform=All&function=fixId&fixids=10.0.1.0-ISS-ISVG-IGVA-FP0003&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-11T08:08:02", "type": "ibm", "title": "Security Bulletin: IBM Security Verify Governance is vulnerable to multiple vulnerabilities due to Eclipse Jetty", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4800", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2019-10241", "CVE-2019-10247", "CVE-2020-27223", "CVE-2021-28169", "CVE-2021-34428", "CVE-2022-2047"], "modified": "2023-01-11T08:08:02", "id": "CC955D63C5A677B05E118A898E1FA6F660887714CEC0064650D28CE42265F548", "href": "https://www.ibm.com/support/pages/node/6854577", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:44:01", "description": "## Summary\n\nMultiple vulnerabilities in Eclipse Jetty were addressed by IBM InfoSphere Information Server. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n**DESCRIPTION:** Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160610> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2019-10246](<https://vulners.com/cve/CVE-2019-10246>) \n**DESCRIPTION:** Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a Listing of directory contents. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160611> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n**DESCRIPTION:** Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160676> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [CVE-2018-12545](<https://vulners.com/cve/CVE-2018-12545>) \n**DESCRIPTION:** Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGs frames container containing many settings, or many small SETTINGs frames, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161491> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n\n## Affected Products and Versions\n\nThe following product, running on all supported platforms, is affected: \nIBM InfoSphere Information Server : versions 11.3, 11.5, 11.7\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 | [_JR61098_](<http://www.ibm.com/support/docview.wss?uid=swg1JR61098>) | \\--Upgrade your Update Installer to [_version 11.7.1.41_](<https://www-01.ibm.com/support/docview.wss?uid=swg24038034>) or later \n\\--Apply InfoSphere Information Server version [_11.7.1.0_](<https://www.ibm.com/support/docview.wss?uid=ibm10878310>) \n\\--Apply InfoSphere Information Server _[11.7.1.0 Service Pack 1](<http://www.ibm.com/support/docview.wss?uid=ibm10957209>)_ \n\\--Apply InfoSphere _[DataStage Flow Designer July 2019 patch](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FIBM+InfoSphere+Information+Server&fixids=is11710_July2019_DFD_services_engine_multi&source=SAR&function=fixId&parent=ibm/Information%20Management>)_ \n \n \nInfoSphere Information Server, Information Server on Cloud | 11.5 | [_JR61098_](<http://www.ibm.com/support/docview.wss?uid=swg1JR61098>) | \\--Upgrade your Update Installer to [_version 11.7.1.41_](<https://www-01.ibm.com/support/docview.wss?uid=swg24038034>) or later \nInfoSphere Information Server | 11.3 | [_JR61098_](<http://www.ibm.com/support/docview.wss?uid=swg1JR61098>) | \\--Upgrade to a new release where the issue has been addressed \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-11T19:44:06", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12545", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247"], "modified": "2019-09-11T19:44:06", "id": "1DC9078E2D1CA7D5784B1FC9BDA067B8531DD5665DE952284FBF28A882CBE820", "href": "https://www.ibm.com/support/pages/node/887123", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:41:57", "description": "## Summary\n\nEclipse Jetty contains vulnerabilities that may allow a remote attacker to obtain sensitive information, cause execution of scripts without their knowledge and experience denial of service attacks.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2019-10241_](<https://vulners.com/cve/CVE-2019-10241>) \n**DESCRIPTION:** Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/160676_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID**: [_CVE-2019-10247_](<https://vulners.com/cve/CVE-2019-10247>) \n**DESCRIPTION**: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/160610_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-10246](<https://vulners.com/cve/CVE-2019-10246>) \n**DESCRIPTION:** Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a Listing of directory contents. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160611> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID: **[CVE-2018-12545](<https://vulners.com/cve/CVE-2018-12545>) \n**DESCRIPTION: ** Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGs frames container containing many settings, or many small SETTINGs frames, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161491> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nRST versions 8.6, 8.7, 9.0, 9.1, 9.2, 9.5.\n\n## Remediation/Fixes\n\nUpgrading to RST version 10.0 is strongly recommended.\n\nProduct | VRMF | APAR | Remediation/First Fix \n---|---|---|--- \nRST | 9.5 | None | Download \n<https://download4.boulder.ibm.com/sar/CMA/RAA/08cfc/0/RPTRST_PSIRT16274_9500UpdateSite.zip> \nRST | 9.2.1.1 | None | Download \n<https://download4.boulder.ibm.com/sar/CMA/RAA/08cfa/0/RPTRST_PSIRT16274_9211UpdateSite.zip> \nRST | 9.1.1.1 | None | Download \n<https://download4.boulder.ibm.com/sar/CMA/RAA/08cf7/0/RPTRST_PSIRT16274_9111UpdateSite.zip> \nRST | 9.0 | None | Upgrade to version 10.0 \nRST | 8.7 | None | Upgrade to version 10.0 \nRST | 8.6 | None | Upgrade to version 10.0 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-16T16:05:48", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Rational Service Tester", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12545", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247"], "modified": "2019-12-16T16:05:48", "id": "7AF5E457957D525BF4860A192FFBA4A63C528432C2CE1B5DDAC50B96EBBF9A8E", "href": "https://www.ibm.com/support/pages/node/957529", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:36:33", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that is used by IBM Connect:Direct Web Services. These issues were disclosed as part of the IBM Java SDK updates in May 2019\n\n## Vulnerability Details\n\nCVE-ID: [CVE-2019-10246](<https://vulners.com/cve/CVE-2019-10246>) \nDescription: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a Listing of directory contents. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160611> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \nCVE-ID: [CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \nDescription: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160610> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \nCVE-ID: [CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \nDescription: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160676> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n \nCVE-ID: [CVE-2018-12545](<https://vulners.com/cve/CVE-2018-12545>) \nDescription: Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGs frames container containing many settings, or many small SETTINGs frames, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/161491> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nCVE-ID: [CVE-2019-2602](<https://vulners.com/cve/CVE-2019-2602>) \nDescription: A flaw in the java.math.BigDecimal API causes hangs when parsing certain String values. This potentially allows an attacker to inflict a denial-of-service. \nThe fix ensures that all Strings are parsed promptly. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/159698> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Connect:Direct Web Services from version 5.3 to 6.0.0.3\n\n## Remediation/Fixes\n\n**Product** | **VRMF** | **Fix Central** \n---|---|--- \nIBM Connect:Direct Web Services | 5.3 - 6.0.0.3 | [Fix Central - ](<https://www-945.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services>)6.0.0.4 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-23T16:36:10", "type": "ibm", "title": "Security Bulletin: Multiple Java Vulnerabilities Affect IBM Connect:Direct Web Services", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12545", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-2602"], "modified": "2022-06-23T16:36:10", "id": "A2986B3F1E7D262A7D84A42B3E6305CB140E7761D5A0E56DB1A501FFE61D4E56", "href": "https://www.ibm.com/support/pages/node/1077195", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:40:32", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java Technology Edition, Version 6 and IBM\u00ae Runtime Environment Java Version 7 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Jul 2019.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Content Classification| 8.8 \n \n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nIBM Content Classification| 8.8| Use IBM Content Classification 8.8.0.3[Interim Fix 0019](<https://www.ibm.com/support/fixcentral/> \"Interim Fix 0019\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-11-27T21:01:15", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10241"], "modified": "2020-11-27T21:01:15", "id": "CA7B69C6C25B5CD3E67C5E490475138F56E88AC0B9EF3B3DB16A58692CDC85F8", "href": "https://www.ibm.com/support/pages/node/1283758", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-27T21:47:18", "description": "## Summary\n\nIBM Rational Performance Tester is affected by an Eclipse Jetty vulnerability than can allow a local authenticated user to gain eleved privileges on the system. By sending a specially-crafted request, an authenticated user could exploit this vulnerability to gain elevated privileges.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRPT| 9.5 \nRPT| 10.0 \nRPT| 10.1 \n \n\n\n## Remediation/Fixes\n\nUpgrading to IBM Rational Performance Tester version 10.1.2 is strongly recommended. \n\nProduct| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nRPT| 9.5| None| <https://download4.boulder.ibm.com/sar/CMA/RAA/09f5z/0/PSIRT28030-ifix.zip> \nRPT| 10.0| None| <https://download4.boulder.ibm.com/sar/CMA/RAA/09f5z/0/PSIRT28030-ifix.zip> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-25T11:28:26", "type": "ibm", "title": "Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Performance Tester (CVE-2020-27216)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2021-01-25T11:28:26", "id": "8DF333F79E75C38BAF5D10978D2A5980C7BCD16722EBEF4A77847AA9601A851D", "href": "https://www.ibm.com/support/pages/node/6407836", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:47:19", "description": "## Summary\n\nIBM Rational Service Tester is vulnerable to Eclipse Jetty possibly allowing a local authenticated user to gain elevated privilegs on the system. By sending a specially-crafted request, an authenticated user could exploit this vulrnerability to gain elevated privileges.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRST| 9.5 \nRST| 10.0 \nRST| 10.1 \n \n\n\n## Remediation/Fixes\n\nUpgrading to IBM Rational Service Tester version 10.1.2 is strongly recommended. \n\nProduct| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nRST| 9.5| None| <https://download4.boulder.ibm.com/sar/CMA/RAA/09f62/0/PSIRT28030-ifix.zip> \nRST| 10.0| None| <https://download4.boulder.ibm.com/sar/CMA/RAA/09f62/0/PSIRT28030-ifix.zip> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-25T13:53:14", "type": "ibm", "title": "Security Bulletin: A vulnerability in Eclipse Jetty affects IBM Rational Service Tester (CVE-2020-27216)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2021-01-25T13:53:14", "id": "2C070ACA838DF756EF2C6663B3A4CC8D6546936B4E9067A8CC8F4E89004415FB", "href": "https://www.ibm.com/support/pages/node/6407856", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:47:38", "description": "## Summary\n\nA vulnerability allowing Eclipse Jetty to gain elevated privileges was addressed by IBM Sterling Secure Proxy.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Secure Proxy| 6.0.0 Through 6.0.1.1 iFix 2 \nIBM Sterling Secure Proxy| 3.4.3 through 3.4.3.2 iFix 9 \n \n\n\n## Remediation/Fixes\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_iFix_**\n\n| \n\n**_How to acquire fix_** \n \n---|---|---|--- \n \n_IBM Secure Proxy_\n\n| \n\n_6.0.1.1_\n\n| \n\n_iFix 3_\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.1.1&platform=All&function=all>) \n \n_IBM Sterling Secure Proxy_\n\n| \n\n_3.4.3.2_\n\n| \n\n_iFix 10_\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.3.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-08T23:08:46", "type": "ibm", "title": "Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Sterling Secure Proxy (CVE-2020-27216)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2021-01-08T23:08:46", "id": "F3E9AF17DCD2EBC47BC32D0E05B6ACDCBFDDAF3EB47FFAC93CFD0FEBBBC04F7E", "href": "https://www.ibm.com/support/pages/node/6398772", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:48:41", "description": "## Summary\n\nEclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Content Classification| 8.8 \n \n\n\n## Remediation/Fixes\n\n**_Product_** | **_VRMF_**| **_Remediation/First Fix_** \n---|---|--- \nIBM Content Classification| 8.8.0.3| Apply Interim Fix **8.8.0.3 IF0019**,available from [Fix Central](<http://www.ibm.com/support/fixcentral/>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-27T18:41:02", "type": "ibm", "title": "Security Bulletin: Eclipse Jetty (Publicly disclosed vulnerability) affects Content Classifaction", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2020-11-27T18:41:02", "id": "3E7141042BE5B9E1A55ADA05F6035C03E394EF7DC2BDEDF57AEB4C33DF04D003", "href": "https://www.ibm.com/support/pages/node/6373292", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:47:38", "description": "## Summary\n\nA vulnerability allowing Eclipse Jetty to gain elevated privileges was addressed by IBM Sterling Secure External Authentication Server.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM External Authentication Server| 6.0.0 through 6.0.1.1 iFix 2 \nIBM Sterling External Authentication Server| 2.4.3 through 2.4.3.2 iFix 9 \n \n\n\n## Remediation/Fixes\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_iFix_**\n\n| \n\n**_Remediation/First Fix_** \n \n---|---|---|--- \n \nIBM Secure External Authentication Server\n\n| \n\n6.0.1.1\n\n| \n\n_iFix 3_\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.1.1&platform=All&function=all>) \n \nIBM Sterling External Authentication Server\n\n| \n\n2.4.3.2\n\n| \n\n_iFix 10_\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=2.4.3.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-08T23:10:25", "type": "ibm", "title": "Security Bulletin: An Eclipse Jetty Vulnerability Affects IBM Sterling Secure External Authentication Server (CVE-2020-27216)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2021-01-08T23:10:25", "id": "A104F357C85C98F8863EC17E0968EE2F520A9E4DA3A10DBF1287F2CDE17AFD04", "href": "https://www.ibm.com/support/pages/node/6398776", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:47:14", "description": "## Summary\n\nIBM Rational Functional Tester is affected by an Eclipse Jetty vulnerability that can allow a local authenticated user to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated user could exploit this vulnerability to gain elevated privileges.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRFT| 9.5 \nRFT| 10.0 \nRFT| 10.1 \n \n\n\n## Remediation/Fixes\n\nUpgrading to IBM Rational Functional Tester version 10.1.2 is strongly recommended. \n\n**Product **| **Version**| **APAR**| **Remediation/ Fix** \n---|---|---|--- \nRFT| 9.5| None| <https://download4.boulder.ibm.com/sar/CMA/RAA/09f5f/0/PSIRT28030-ifix.zip> \nRFT| 10.0| None| <https://download4.boulder.ibm.com/sar/CMA/RAA/09f5f/0/PSIRT28030-ifix.zip> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-27T17:25:49", "type": "ibm", "title": "Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2021-01-27T17:25:49", "id": "101D9839DC4D3A67F5CA5070D8255AEF01378A1F2F94126A2F00868A71C2B71A", "href": "https://www.ibm.com/support/pages/node/6409060", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:57:09", "description": "## Summary\n\nEclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Control Center| 6.2.0.0 \n \n\n\n## Remediation/Fixes\n\n**Product** | \n\n**VRMF**\n\n| \n\n**iFix**\n\n| \n\n**Remediation** \n \n---|---|---|--- \n \nIBM Control Center\n\n| \n\n6.2.0.0\n\n| \n\niFix08\n\n| \n\n[Fix Central - 6.2.0.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.2.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-14T21:20:10", "type": "ibm", "title": "Security Bulletin: Eclipse Jetty Vulnerability Affects IBM Control Center (CVE-2020-27216)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2021-05-14T21:20:10", "id": "AB595BAD745ACCEB2CA1F5A7FC0DC9717FFDD74D2EEC460390003F7C91DD4FFD", "href": "https://www.ibm.com/support/pages/node/6453457", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:36:07", "description": "## Summary\n\nThere is a vulnerability in Eclipse Jetty that could allow a local authenticated attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| 1.12.0.3 \n \n## Remediation/Fixes\n\n**Remediation/Fixes guidance**:\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| 1.12.0.3| \n\n**Upgrade to version 1.12.0.4** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"\" ) \n \n2\\. Search for \n**M05JKML** Process Mining 1.12.0.4 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M05JJML** Process Mining 1.12.0.4 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-01T21:25:52", "type": "ibm", "title": "Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27216)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2023-02-01T21:25:52", "id": "EAE3626D697DD9AA184F2FB8430E9808A349261E042A2F475F1558DE0474E3B5", "href": "https://www.ibm.com/support/pages/node/6574045", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:46:31", "description": "## Summary\n\nIBM Sterling B2B Integrator has addressed the security vulnerability from Eclipse Jetty.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| APAR(s)| Version(s) \n---|---|--- \nIBM Sterling B2B Integrator| IT35458| 5.2.0.0 - 5.2.6.5_4 \nIBM Sterling B2B Integrator| IT35458| 6.0.0.0 - 6.0.0.6, 6.0.1.0 - 6.0.3.4 \nIBM Sterling B2B Integrator| IT35458| 6.1.0.0 - 6.1.0.3 \n \n\n\n## Remediation/Fixes\n\nProduct & Version| Remediation & Fix \n---|--- \n5.2.0.0 - 5.2.6.5_4| Apply IBM Sterling B2B Integrator version 6.0.0.7, 6.0.3.5 or 6.1.1.0 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n6.0.0.0 - 6.0.0.6, 6.0.1.0 - 6.0.3.4| Apply IBM Sterling B2B Integrator version 6.0.0.7, 6.0.3.5 or 6.1.1.0 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n6.1.0.0 - 6.1.0.3| Apply IBM Sterling B2B Integrator version 6.1.1.0 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-13T14:58:22", "type": "ibm", "title": "Security Bulletin: Eclipse Jetty Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-27216)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2022-05-13T14:58:22", "id": "EB9C97E1767E99DB5972AA6DB53446FFC1D2256CC95E283AD514F18189053A41", "href": "https://www.ibm.com/support/pages/node/6496807", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:56:04", "description": "## Summary\n\nA security vulnerability in Jasper, Version 8 Service Refresh 5 Fix Pack 33, used by Jetty versions 9.4.14 is affecting IBM Rational Synergy.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Rational Synergy 7.2.2, 7.2.2.1, 7.2.2.2.\n\n \n\n\n## Remediation/Fixes\n\n \n\n\n**Product **| **VRMF**| **APAR**| **Remediation/Fixes** \n---|---|---|--- \nRational Synergy| 7.2.2.3| None| \n\nUpgrade to Rational Synergy 7.2.2.3 from [IBM Passport Advantage](<https://iea-pf-b1p3a.mul.ie.ibm.com/netaccess/loginuser.html> \"IBM Passport Advantage\" ) and apply it.\n\n**NOTE:**\n\nDownload the Rational Synergy 7.2.2.3 installation image by referring to the installation platform and its part number in the following list:\n\n * IBM Rational Synergy V7.2.2.3 Linux Informix Multilingual (CC5T9ML)\n * IBM Rational Synergy V7.2.2.3 Linux Oracle Multilingual (CC5TAML)\n * IBM Rational Synergy V7.2.2.3 Windows Informix Multilingual (CC5TBML) \n \n \n\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-25T06:42:24", "type": "ibm", "title": "Security Bulletin: Vulnerability in Jasper, Version 8 Service Refresh 5 Fix Pack 33, used in Jetty Server 9.4.14 where Rational Synergy is deployed.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2021-06-25T06:42:24", "id": "75A547F3BA75C8FD5BF5185CE11155B9F37CBC820B9102C0531E0C7785BA8B78", "href": "https://www.ibm.com/support/pages/node/6467059", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:56:03", "description": "## Summary\n\nA security vulnerability in Jasper, Version 8 Service Refresh 5 Fix Pack 33, used in Jetty Server 9.4.14 is affecting IBM Rational Change.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Rational Change 5.3.2, 5.3.2.1, 5.3.2.2.\n\n## Remediation/Fixes\n\n \n\n\n**Product**| **VRFM**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nRational Change| 5.3.2.3| None.| \n\nUpgrade to Rational Change 5.3.2.3 supporting Jetty 9.4.35 from [IBM Passport Advantage](<https://iea-pf-b1p3a.mul.ie.ibm.com/netaccess/loginuser.html>) and apply it.\n\n \n\n\n**NOTE**:\n\nDownload the Rational Change 5.3.2.3 installation image by referring to the installation platform and its part number in the following list:\n\n * IBM Rational Change V5.3.2.3 Multi-platform Multilingual (CC5T0ML) - Windows and Linux included. \n \n \n\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-25T07:01:23", "type": "ibm", "title": "Security Bulletin: Vulnerability in Jasper, Version 8 Service Refresh 5 Fix Pack 33, used in Jetty Server 9.4.14 where Rational Change is deployed.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2021-06-25T07:01:23", "id": "E4A28F8F68186CEA27D3FEB20460BE3334CBCA58BC4385BFB2DAC3333FEF6C4B", "href": "https://www.ibm.com/support/pages/node/6467063", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:47:06", "description": "## Summary\n\nIBM Network Performance Insight1.3.1 affected by Eclipse Jetty vulnerability CVE-2020-27216\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Network Performance Insight| 1.3.1 \n \n\n\n## Remediation/Fixes\n\nNPI 1.3.1 is affected with the vulnerability [CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) and it is resolved in the fix pack ( 1.3.1.1-TIV-NPI-IF0003.1.tgz) available at the fix central at following link. \n\nFix File Name: 1.3.1.1-TIV-NPI-IF0003.1.tgz \nFix available at fix central: \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.3.1.1-TIV-NPI-IF0003.1&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.3.1.1-TIV-NPI-IF0003.1&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-01T11:01:33", "type": "ibm", "title": "Security Bulletin: IBM Network Performance Insight 1.3.1 affected by Eclipse Jetty vulnerability (CVE-2020-27216)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2021-02-01T11:01:33", "id": "B5F498C2528C0E625760D72F802C203FB63AC6B3CBD1D27268D5F386CC4385CE", "href": "https://www.ibm.com/support/pages/node/6410456", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:41:04", "description": "## Summary\n\nAn issue was found in Eclipse Jetty that is shipped with the MQ Explorer component of IBM MQ.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n**DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.0 \nIBM MQ | 9.1 LTS \nIBM MQ | 9.2 CD \nIBM MQ | 9.2 LTS \n \n## Remediation/Fixes\n\nThis issue is addressed in MQ releases by MQ APAR IT34927\n\n_**IBM MQ 9.0**_\n\n[Apply FixPack 9.0.0.11](<https://www.ibm.com/support/pages/downloading-ibm-mq-90011>) or later\n\n_**IBM MQ 9.1 LTS**_\n\n[Apply FixPack 9.1.0.7](<https://www.ibm.com/support/pages/downloading-ibm-mq-910-older-fix-packs#fp9107>) or later\n\n**IBM MQ 9.2 LTS**\n\n[Apply FixPack 9.2.0.2](<https://www.ibm.com/support/pages/downloading-ibm-mq-920-older-fix-packs#fp9202>) or later\n\n**IBM MQ 9.2 CD**\n\n[Upgrade to IBM MQ 9.2.1](<https://www.ibm.com/support/pages/downloading-ibm-mq-921-continuous-delivery> \"Upgrade to IBM MQ 9.2.1\" ) or newer CD release\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-06T10:58:08", "type": "ibm", "title": "Security Bulletin: IBM MQ is vulnerable to an error within Eclipse Jetty (CVE-2020-27216)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2021-10-06T10:58:08", "id": "96B34DECBD5111CA099BBF02896DC500AFE9357A8C64E783BBC560AB34F745F2", "href": "https://www.ibm.com/support/pages/node/6409546", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:55:17", "description": "## Summary\n\nwhen Jetty handles a request containing multiple Accept headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27223](<https://vulners.com/cve/CVE-2020-27223>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust minutes of CPU time. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197559>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nUCD - IBM UrbanCode Deploy| 7.1.1.1 \nUCD - IBM UrbanCode Deploy| 7.0.5.3 \nUCD - IBM UrbanCode Deploy| 7.1.1.2 \nUCD - IBM UrbanCode Deploy| 7.1.1.0 \nUCD - IBM UrbanCode Deploy| 7.1.0.0 \nUCD - IBM UrbanCode Deploy| 7.0.5.4 \nUCD - IBM UrbanCode Deploy| 6.2.7.4 \nUCD - IBM UrbanCode Deploy| 6.2.7.3 \nUCD - IBM UrbanCode Deploy| 6.2.7.8 \nUCD - IBM UrbanCode Deploy| 7.0.4.0 \nUCD - IBM UrbanCode Deploy| 6.2.7.9 \nUCD - IBM UrbanCode Deploy| 7.0.3.0 \nUCD - IBM UrbanCode Deploy| All \n \n## Remediation/Fixes\n\nUpgrade to 7.0.5.5, 7.1.2.1, 7.2.0.0\n\n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.0.5.5-IBM-UrbanCode-Deploy](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.0.5.5-IBM-UrbanCode-Deploy>) \n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.1.2.1-IBM-UrbanCode-Deploy](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.1.2.1-IBM-UrbanCode-Deploy>) \n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.2.0.0-IBM-UrbanCode-Deploy](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.2.0.0-IBM-UrbanCode-Deploy>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-07-30T05:03:40", "type": "ibm", "title": "Security Bulletin: CVE-2020-27223 when Jetty handles a request containing multiple Accept headers the server may enter a denial of service (DoS) state", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2021-07-30T05:03:40", "id": "1AA4611E8CEF92D7DAB3035A8D24E6E9D88F1CF99EEC6736B41463D5EEF4773E", "href": "https://www.ibm.com/support/pages/node/6469935", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:41:02", "description": "## Summary\n\nIBM Security Guardium Insights has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2017-7656](<https://vulners.com/cve/CVE-2017-7656>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-7657](<https://vulners.com/cve/CVE-2017-7657>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-7658](<https://vulners.com/cve/CVE-2017-7658>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145522](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145522>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-12536](<https://vulners.com/cve/CVE-2018-12536>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted URL request to the java.nio.file.InvalidPathException function using an invalid parameter to cause an error message to be returned containing the full installation path. An attacker could use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145523](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145523>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Guardium Insights| 2.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Security Guardium Insights| 2.0.1| [https://www.ibm.com/software/passportadvantage/?mhsrc=ibmsearch_a&mhq=pasport%20advantage](<https://www.ibm.com/software/passportadvantage/?mhsrc=ibmsearch_a&mhq=pasport%20advantage>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-06T12:30:35", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium Insights is affected by a Components with known vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2018-12536", "CVE-2019-10241", "CVE-2019-10247"], "modified": "2021-10-06T12:30:35", "id": "1816205804EFBBBBB94018144A008A33799E226A9B559AA545872E5FBE25A885", "href": "https://www.ibm.com/support/pages/node/6320063", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T17:44:52", "description": "## Summary\n\nIBM Sterilng B2B Integrator has addressed multiple security vulnerabilities in Jetty.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-12545](<https://vulners.com/cve/CVE-2018-12545>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGs frames container containing many settings, or many small SETTINGs frames, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161491](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161491>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Sterling B2B Integrator | 5.2.0.0 - 5.2.6.5_1 \nIBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.1 \n \n## Remediation/Fixes\n\n** Product & Version** | ** Remediation & Fix** \n---|--- \n5.2.0.0 - 5.2.6.5_1 | Apply IBM Sterling B2B Integrator version 5.2.6.5_2 or 6.0.3.2 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n6.0.0.0 - 6.0.3.1 | Apply IBM Sterling B2B Integrator version 6.0.3.2 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-24T17:07:55", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities in Jetty Affect IBM Sterling B2B Integrator (CVE-2018-12545, CVE-2019-10241)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12545", "CVE-2019-10241"], "modified": "2020-07-24T17:07:55", "id": "5EECFC5C8DC24CAFE9B7AB5FC12D78B14281213BEAB82B828C710EEE945957CC", "href": "https://www.ibm.com/support/pages/node/6208027", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:45:36", "description": "## Summary\n\nThere are multiple vulnerabilities in Eclipse Jetty used by Netcool Agile Service Manager. Netcool Agile Service Manager has addressed the applicable CVEs. \n \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n**DESCRIPTION:** Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160610> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-10246](<https://vulners.com/cve/CVE-2019-10246>) \n**DESCRIPTION:** Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a Listing of directory contents. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160611> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nNetcool Agile Service Manager 1.1.3 - 1.1.4\n\n## Remediation/Fixes\n\nUpdate to Netcool Agile Service Manager 1.1.5 \nTo install Netcool Agile Service Manager 1.1.5, you download the installation images from IBM\u00ae Passport Advantage\u00ae. You then follow standard installation procedures, whether you install a new instance of Agile Service Manager, or upgrade an existing version.\n\n**[Download IBM Netcool Agile Service Manager 1.1.5](<http://www-01.ibm.com/support/docview.wss?uid=swg24043717>)**\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2019-07-03T05:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Jetty affect Netcool Agile Service Manager (CVE-2019-10247, CVE-2019-10246)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10246", "CVE-2019-10247"], "modified": "2019-07-03T05:10:01", "id": "1F1DE6AEC253757076B31DD34F214015B5B41FF17747603D8B3DD39A6F27D12D", "href": "https://www.ibm.com/support/pages/node/887913", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:44:35", "description": "## Summary\n\nMultiple vulnerabilities in Eclipse Jetty used by IBM InfoSphere Information Server were addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-17638](<https://vulners.com/cve/CVE-2019-17638>) \n**DESCRIPTION: **Eclipse Jetty, as bundled in Jenkins, could allow a remote attacker to obtain sensitive information, caused by an issue with corrupt HTTP response buffer being sent to different clients. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 9.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185436](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185436>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) \n \n**CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n**DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server | 11.7 \nInfoSphere Information Server | 11.5 \n \n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 | [JR63436](<http://www.ibm.com/support/docview.wss?uid=swg1JR63436> \"JR6?\" ) \n| \\--Upgrade your Update Installer to [version 11.7.1.85](<https://www-01.ibm.com/support/docview.wss?uid=swg24038034> \"version 11.7.1.83\" ) or later \n \n\\--Apply InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/docview.wss?uid=ibm10878310> \"11.7.1.0\" ) \n\\--Apply InfoSphere Information Server version [11.7.1.1](<https://www.ibm.com/support/pages/node/6209196> \"11.7.1.1\" ) \n\\--Apply [Information Server 11.7.1.1 Service Pack 1](<https://www.ibm.com/support/pages/node/6438057> \"Information Server 11.7.1.1 Service Pack 1\" ) \n \n \n\\--For Red Hat 8 installations, contact IBM Customer Support \n \nInfoSphere Information Server, Information Server on Cloud | 11.5 | [JR63436](<http://www.ibm.com/support/docview.wss?uid=swg1JR63436> \"JR6?\" ) \n| \\--Upgrade your Update Installer to [version 11.7.1.85](<https://www-01.ibm.com/support/docview.wss?uid=swg24038034> \"version 11.7.1.83\" ) or later \n \n**Contact Technical Support:** \nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [contacts for other countries](<http://www.ibm.com/planetwide/>) outside of the United States. \nElectronically [open a Service Request](<http://www.ibm.com/software/support/probsub.html>) with Information Server Technical Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.5}, "published": "2021-04-01T20:09:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affects IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17638", "CVE-2020-27216"], "modified": "2021-04-01T20:09:47", "id": "9B7484C34C9F34F0426B6E8110F51B91DBBF139DD14849DC744E1B348D2F480F", "href": "https://www.ibm.com/support/pages/node/6436411", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:35:58", "description": "## Summary\n\nThere is a vulnerability in Eclipse Jetty that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27223](<https://vulners.com/cve/CVE-2020-27223>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust minutes of CPU time. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197559>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| 1.12.0.3 \n \n## Remediation/Fixes\n\n**Remediation/Fixes guidance**:\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| 1.12.0.3| \n\n**Upgrade to version 1.12.0.4** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"\" ) \n \n2\\. Search for \n**M05JKML** Process Mining 1.12.0.4 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M05JJML** Process Mining 1.12.0.4 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-01T21:57:48", "type": "ibm", "title": "Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27223,CVE-2021-28169)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223", "CVE-2021-28169"], "modified": "2023-02-01T21:57:48", "id": "72E563FF799565BA0BAC30781F2F7618D43BA295DE1DABC0839C7F0ECB363255", "href": "https://www.ibm.com/support/pages/node/6574049", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-28T01:55:50", "description": "## Summary\n\nSecurity vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 FP3.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-27218](<https://vulners.com/cve/CVE-2020-27218>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by a flaw when GZIP request body inflation is enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject data into the body of the subsequent request. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192459>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID: **[CVE-2021-20461](<https://vulners.com/cve/CVE-2021-20461>) \n**DESCRIPTION: **IBM Cognos Analytics is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196770](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196770>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2019-17632](<https://vulners.com/cve/CVE-2019-17632>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the error messages to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172261](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172261>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n**DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-17638](<https://vulners.com/cve/CVE-2019-17638>) \n**DESCRIPTION: **Eclipse Jetty, as bundled in Jenkins, could allow a remote attacker to obtain sensitive information, caused by an issue with corrupt HTTP response buffer being sent to different clients. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 9.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185436](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185436>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) \n \n**CVEID: **[CVE-2020-27223](<https://vulners.com/cve/CVE-2020-27223>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust minutes of CPU time. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197559>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2017-7656](<https://vulners.com/cve/CVE-2017-7656>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2017-7657](<https://vulners.com/cve/CVE-2017-7657>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2017-7658](<https://vulners.com/cve/CVE-2017-7658>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145522](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145522>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2018-12545](<https://vulners.com/cve/CVE-2018-12545>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGs frames container containing many settings, or many small SETTINGs frames, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161491](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161491>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-12536](<https://vulners.com/cve/CVE-2018-12536>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted URL request to the java.nio.file.InvalidPathException function using an invalid parameter to cause an error message to be returned containing the full installation path. An attacker could use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145523](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145523>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2017-9735](<https://vulners.com/cve/CVE-2017-9735>) \n**DESCRIPTION: **Jetty could allow a remote attacker to obtain sensitive information, caused by a timing channel flaw in util/security/Password.java. By observing elapsed times before rejection of incorrect passwords, an attacker could exploit this vulnerability to obtain access information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127842](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127842>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2019-10246](<https://vulners.com/cve/CVE-2019-10246>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a listing of directory contents. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160611](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160611>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2020-28491](<https://vulners.com/cve/CVE-2020-28491>) \n**DESCRIPTION: **FasterXML jackson-dataformats-binary is vulnerable to a denial of service, caused by an unchecked allocation of byte buffer flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a java.lang.OutOfMemoryError exception resulting in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197038](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197038>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Cognos Analytics 11.1\n\nIBM Cognos Analytics 11.0\n\n## Remediation/Fixes\n\n**For IBM Cognos Analytics 11.1.x : **\n\nThe recommended solution is to apply the fix for the versions listed as soon as practical.\n\n[IBM Cognos Analytics 11.1.7 FP3](<https://www.ibm.com/support/pages/node/6454111> \"IBM Cognos Analytics 11.1.7 FP3\" )\n\n**For IBM Cognos Analytics 11.0.x:**\n\nThe recommended solution is to apply the latest available version of IBM Cognos Analytics 11.0.x.\n\n[IBM Cognos Analytics 11.0.13 Fix Pack 4](<https://www.ibm.com/support/pages/node/6402561> \"IBM Cognos Analytics 11.0.13 Fix Pack 4\" )\n\nApplicable vulnerabilities have already been addressed in IBM Cognos Analytics 11.2.0 prior to GA release\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-29T23:59:31", "type": "ibm", "title": "Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2018-12536", "CVE-2018-12545", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-17632", "CVE-2019-17638", "CVE-2020-27216", "CVE-2020-27218", "CVE-2020-27223", "CVE-2020-28491", "CVE-2021-20461", "CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165"], "modified": "2021-06-29T23:59:31", "id": "573F294E16A1C9B7682B48604209232E9D20CDAD4F9D09F633AA855F804E24CD", "href": "https://www.ibm.com/support/pages/node/6466729", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:51:29", "description": "## Summary\n\nMultiple issues were identified in Eclipse Jetty that IBM MQ Explorer uses and is affected by.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n**DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.0 LTS \nIBM MQ | 9.1 LTS \nIBM MQ | 9.2 LTS \nIBM MQ | 9.1 CD \nIBM MQ | 9.2 CD \n \n## Remediation/Fixes\n\n**IBM MQ 9.0 LTS**\n\nThis issue has been resolved under APAR IT36791\n\n[Apply FixPack 9.0.0.12](<https://www.ibm.com/support/pages/node/6493787> \"Apply FixPack 9.0.0.12\" )\n\n**IBM MQ 9.1 LTS**\n\nThis issue has been resolved under APAR IT38605\n\n[Apply FixPack 9.1.0.10](<https://www.ibm.com/support/pages/downloading-ibm-mq-91010>)\n\n**IBM MQ 9.2 LTS**\n\nThis issue has been resolved under APAR IT38604\n\n[Apply FixPack 9.2.0.4](<https://www.ibm.com/support/pages/node/6514427> \"Apply FixPack 9.2.0.4\" )\n\n**IBM MQ 9.1 CD and 9.2 CD**\n\nThis issue has been resolved under APAR IT29154\n\n[Upgrade to IBM MQ 9.2.4](<https://www.ibm.com/support/pages/downloading-ibm-mq-924-continuous-delivery>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-12-17T17:19:13", "type": "ibm", "title": "Security Bulletin: IBM MQ is vulnerable to multiple Jetty vulnerabilities (CVE-2021-34428, CVE-2021-34429, CVE-2021-28169)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429"], "modified": "2021-12-17T17:19:13", "id": "DC598384160FFCC4F7196BB511E6CD474F036CD26C81C27C5E29EC3E0F1BA6FD", "href": "https://www.ibm.com/support/pages/node/6527232", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-28T01:37:55", "description": "## Summary\n\nIBM Sterilng B2B Integrator has addressed multiple security vulnerabilities in Eclipse Jetty.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.6 \nIBM Sterling B2B Integrator| 6.1.0.0 - 6.1.0.5, 6..1.1.0 - 6.1.1.1 \n \n## Remediation/Fixes\n\n**Product**| **Version**| **APAR**| **Remediation & Fix** \n---|---|---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.6| IT38890| Apply 6.0.3.7, 6.1.0.6, 6.1.1.2 or 6.1.2.0 \nIBM Sterling B2B Integrator| \n\n6.1.0.0 - 6.1.0.5\n\n6.1.1.0 - 6.1.1.1\n\n| \n\nIT38890\n\n| Apply 6.1.0.6, 6.1.1.2 or 6.1.2.0 \n \nThe version 6.0.3.7 , 6.1.0.6 and 6.1.1.2 are available on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>). The IIM version of 6.1.2.0 is available in IBM Passport Advantage. The container version of 6.1.2.0 is available in IBM Entitled Registry with following tags. \n\ncp.icr.io/cp/ibm-b2bi/b2bi:6.1.2.0 for IBM Sterling B2B Integrator \ncp.icr.io/cp/ibm-sfg/sfg:6.1.2.0 for IBM Sterling File Gateway\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-10-17T13:12:51", "type": "ibm", "title": "Security Bulletin: IBM Sterling B2B Integrator vulnerable due to Eclipse Jetty", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429"], "modified": "2022-10-17T13:12:51", "id": "0AB88FA1BA9F4B3BD14275985B23E53577C278963878E2CBA53AD9C0D4A67860", "href": "https://www.ibm.com/support/pages/node/6829867", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-28T01:55:37", "description": "## Summary\n\nIBM Security SOAR includes an older version of Eclipse Jetty that may be identified and exploited.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-27223](<https://vulners.com/cve/CVE-2020-27223>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust minutes of CPU time. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197559>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nResilient OnPrem| IBM Security SOAR \n \n\n\n## Remediation/Fixes\n\nUsers must upgrade to v41.0 or higher of IBM Resilient in order to obtain a fix for this vulnerability. You can upgrade the platform and apply the security updates by following the instructions in the \"**Upgrade Procedure**\" section in the [IBM Documentation](<https://www.ibm.com/docs/en/rsoa-and-rp/41?topic=guide-upgrade-procedure> \"IBM Documentation\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-14T18:24:26", "type": "ibm", "title": "Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Eclipse Jetty ( CVE-2021-28163, CVE-2021-28165, CVE-2020-27223)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223", "CVE-2021-28163", "CVE-2021-28165"], "modified": "2021-07-14T18:24:26", "id": "AA9924D97A331BFEF405C5965F86807ACBF07005A06B3D61D1E7556C355A7841", "href": "https://www.ibm.com/support/pages/node/6472057", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:55:11", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Secure Proxy. IBM Secure Proxy has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29725](<https://vulners.com/cve/CVE-2021-29725>) \n** DESCRIPTION: **IBM Sterling Secure Proxy could allow a remote user to consume resources causing a denial of service due to a resource leak. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201102](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201102>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-13956](<https://vulners.com/cve/CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-27218](<https://vulners.com/cve/CVE-2020-27218>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by a flaw when GZIP request body inflation is enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject data into the body of the subsequent request. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192459>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2020-27223](<https://vulners.com/cve/CVE-2020-27223>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust minutes of CPU time. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197559>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Secure Proxy| 6.0.2 \nIBM Secure Proxy| 6.0.1 \nIBM Sterling Secure Proxy| 3.4.3.2 \n \n## Remediation/Fixes\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_iFix_**\n\n| \n\n**_Remediation/First Fix_** \n \n---|---|---|--- \n \nIBM Secure Proxy\n\n| \n\n6.0.2.0\n\n| \n\n_iFix 2_\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.2.0&platform=All&function=all>) \n \nIBM Secure Proxy\n\n| \n\n6.0.1.1\n\n| \n\n_iFix 4_\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.1.1&platform=All&function=all>) \n \nIBM Sterling Secure Proxy\n\n| \n\n3.4.3.2\n\n| \n\n_iFix 11_\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.3.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-30T05:06:05", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure Proxy", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13956", "CVE-2020-27218", "CVE-2020-27223", "CVE-2021-29725"], "modified": "2021-07-30T05:06:05", "id": "B0FF85DCDE8644B3484BD6CF258480DD40154E7BDFEEDF7A128BF747F3AC618F", "href": "https://www.ibm.com/support/pages/node/6471577", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-28T01:55:12", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29725](<https://vulners.com/cve/CVE-2021-29725>) \n** DESCRIPTION: **IBM Sterling Secure Proxy could allow a remote user to consume resources causing a denial of service due to a resource leak. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201102](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201102>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-27218](<https://vulners.com/cve/CVE-2020-27218>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by a flaw when GZIP request body inflation is enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject data into the body of the subsequent request. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192459>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2020-27223](<https://vulners.com/cve/CVE-2020-27223>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust minutes of CPU time. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197559>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-13956](<https://vulners.com/cve/CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Secure External Authentication Server| 6.0.2 \nIBM External Authentication Server| 6.0.1 \nIBM Sterling External Authentication Server| 2.4.3.2 \n \n## Remediation/Fixes\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_iFix_**\n\n| \n\n**_Remediation/First Fix_** \n \n---|---|---|--- \n \nIBM Secure External Authentication Server\n\n| \n\n6.0.2.0\n\n| \n\n_iFix 2_\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.2.0&platform=All&function=all>) \n \nIBM Secure External Authentication Server\n\n| \n\n6.0.1.1\n\n| \n\n_iFix 4_\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.1.1&platform=All&function=all>) \n \nIBM Sterling External Authentication Server\n\n| \n\n2.4.3.2\n\n| \n\n_iFix 11_\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=2.4.3.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-30T05:06:11", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13956", "CVE-2020-27218", "CVE-2020-27223", "CVE-2021-29725"], "modified": "2021-07-30T05:06:11", "id": "D783A7F4DFFB9905E79E357ACA80CE9623FFC55147AEC4BAF71DFFC0CC45C9F3", "href": "https://www.ibm.com/support/pages/node/6471615", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-28T01:45:54", "description": "## Summary\n\nIBM Sterling Connect:Direct Web Services uses Eclipse Jetty. Multiple Eclipse Jetty vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect Direct Web Services| 1.0 \nIBM Sterling Connect:Direct Web Services| 6.1.0 \nIBM Sterling Connect:Direct Web Services| 6.2.0 \nIBM Sterling Connect:Direct Web Services| 6.0 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **Remediation \n** \n---|---|--- \nIBM Sterling Connect Direct Web Services| 1.0| Apply 6.0.0.8, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Sterling Connect:Direct Web Services| 6.0| Apply 6.0.0.8, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Sterling Connect:Direct Web Services| 6.1| Apply 6.1.0.12, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Sterling Connect:Direct Web Services| 6.2| Apply 6.2.0.6, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-01T11:34:43", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429"], "modified": "2022-06-01T11:34:43", "id": "6B0EA5EC8A444AC10EC1F200C7B61DAF5E4F6E89E5C2943D1BA5016D81598440", "href": "https://www.ibm.com/support/pages/node/6591193", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:43:32", "description": "## Summary\n\nThere are vulnerabilities in Eclipse Jetty that affect Rational Service Tester. Rational Service Tester has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Versions \n---|--- \nRST| 10.2 \nRST| 10.1 \nRST| 10.0 \nRST| 9.5 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation/Fix \n---|---|---|--- \nRST| 10.2| None| <https://download4.boulder.ibm.com/sar/CMA/RAA/0aehl/0/PSIRT49489_RPT-ifix.zip> \nRST| 10.1| None| <https://download4.boulder.ibm.com/sar/CMA/RAA/0aehl/0/PSIRT49489_RPT-ifix.zip> \nRST| 10.0| None| <https://download4.boulder.ibm.com/sar/CMA/RAA/0aehl/0/PSIRT49489_RPT-ifix.zip> \nRST| 9.5| None| <https://download4.boulder.ibm.com/sar/CMA/RAA/0aehl/0/PSIRT49489_RPT-ifix.zip> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-29T20:34:20", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Eclipse Jetty affect Rational Service Tester (CVE-2021-28169, CVE-2021-34428, CVE-2021-28163, CVE-2021-28164, CVE-2021-34429, CVE-2021-28165)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429"], "modified": "2022-07-29T20:34:20", "id": "B9C7132D775DE65C4A7C7EA65CB4611218B4F54983B765131C39E74D07EE9525", "href": "https://www.ibm.com/support/pages/node/6608624", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:44:59", "description": "## Summary\n\nMultiple issues were identified in versions of Eclipse Jetty that IBM MQ uses to provide Web Console, REST API, Salesforce Bridge and Blockchain bridge functionality.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n**DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.1 LTS \nIBM MQ | 9.2 CD \nIBM MQ | 9.1 CD \nIBM MQ | 9.2 LTS \n \n## Remediation/Fixes\n\nThis issue was resolved under APAR IT38935 for IBM MQ 9.1 LTS and 9.2 LTS. \nThis issue was resolved under APAR IT39538 for IBM MQ 9.1 CD and 9.2 CD. \n\n**IBM MQ 9.1 LTS**\n\n[Apply FixPack 9.1.0.10](<https://www.ibm.com/support/pages/downloading-ibm-mq-91010>)\n\n**IBM MQ 9.2 LTS**\n\n[Apply FixPack 9.2.0.3](<https://www.ibm.com/support/pages/downloading-ibm-mq-920-older-fix-packs#fp9203> \"Apply FixPack 9.2.0.3\" )\n\n**IBM MQ 9.1 CD and 9.2 CD**\n\n[Upgrade to IBM MQ 9.2.5](<https://www.ibm.com/support/pages/downloading-ibm-mq-925-continuous-delivery> \"Upgrade to IBM MQ 9.2.5\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-24T16:32:12", "type": "ibm", "title": "Security Bulletin: IBM MQ is vulnerable to multiple Eclipse Jetty issues", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429"], "modified": "2022-06-24T16:32:12", "id": "1F707BCFF7B87B9F76A41F8C24CF01CE9AF5A20146DFADFAD12F1F209431504F", "href": "https://www.ibm.com/support/pages/node/6584093", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:45:11", "description": "## Summary\n\nThere are multiple vulnerabilities in Jetty Server. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct Browser User Interface| 1.5.0.2 \nIBM Sterling Connect:Direct Browser User Interface| 1.4.1.1 \n \n\n\n## Remediation/Fixes\n\n**Product**| **Version**| **Fix/Remediation \n** \n---|---|--- \nIBM Sterling Connect:Direct Browser User Interface| 1.4.1.1, 1.5.0.2| Apply 1.5.0.2 iFix-32, available in cumulative iFix032 on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fSterling+Connect%3aDirect+Browser+User+Interface> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-21T20:15:25", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429"], "modified": "2022-06-21T20:15:25", "id": "86A0B847D48ABE8E582B1C33E6C19AB73FD9D93A80B340CCDC1D166A92F95ED8", "href": "https://www.ibm.com/support/pages/node/6597281", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:48:10", "description": "## Summary\n\nThere are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRFT| 9.5 \nRFT| 10.0 \nRFT| 10.1 \nRFT| 10.2 \n \n\n\n## Remediation/Fixes\n\nUpgrading to IBM Rational Functional Tester version 10.2.2 is strongly recommended. \n\n**Product**| **Version**| **APAR**| **Remediation/ Fix** \n---|---|---|--- \nRFT| 9.5 - 10.2.1| None| <https://download4.boulder.ibm.com/sar/CMA/RAA/0aehh/0/PSIRT49489_RFT-ifix.zip> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-29T06:27:06", "type": "ibm", "title": "Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429"], "modified": "2022-03-29T06:27:06", "id": "2AD1F86BAC93366F89BAA6BECFE551E5D80A650C29A4222CD9BF66F9689BF3F3", "href": "https://www.ibm.com/support/pages/node/6567139", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:45:42", "description": "## Summary\n\nVulnerabilities contained within Eclipse Jetty (a 3rd party component) were identified and remediated in the IBM MaaS360 Mobile Enterprise Gateway (MEG).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**\n\n| \n\n**Version(s)** \n \n---|--- \n \nIBM MaaS360 Mobile Enterprise Gateway\n\n| \n\n2.106.200 and prior \n \n \n\n\n## Remediation/Fixes\n\nIBM encourages customer to update their systems promptly. \n\nUpdate the IBM MaaS360 Mobile Enterprise Gateway to version 2.106.500 or higher. Instructions on how to upgrade the Mobile Enterprise Gateway Module is located on this IBM Documentation [page](<https://www.ibm.com/docs/en/maas360?topic=ice-upgrading-mobile-enterprise-gateway-meg-maas360-vpn-modules> \"page\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-06T18:23:19", "type": "ibm", "title": "Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway uses Eclipse Jetty with multiple known vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429"], "modified": "2022-06-06T18:23:19", "id": "39C214FD5E5504CD5F6F1D889575FBD4E81A443FEF59E6207CD831893A63CFFE", "href": "https://www.ibm.com/support/pages/node/6592799", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:43:34", "description": "## Summary\n\nThere are vulnerabilities in Eclipse Jetty that affect Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected product(s)| Versions \n---|--- \nRPT| 10.2 \nRPT| 10.1 \nRPT| 10.0 \nRPT| 9.5 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation/Fix \n---|---|---|--- \nRPT| 10.2| None| [https://download4.boulder.ibm.com/sar/CMA/RAA/0aehj/0/PSIRT49489_RPT-ifix.zip](<https://download4.boulder.ibm.com/sar/CMA/RAA/0aehj/0/PSIRT49489_RPT-ifix.zip>) \nRPT| 10.1| None| [https://download4.boulder.ibm.com/sar/CMA/RAA/0aehj/0/PSIRT49489_RPT-ifix.zip](<https://download4.boulder.ibm.com/sar/CMA/RAA/0aehj/0/PSIRT49489_RPT-ifix.zip>) \nRPT| 10.0| None| [https://download4.boulder.ibm.com/sar/CMA/RAA/0aehj/0/PSIRT49489_RPT-ifix.zip](<https://download4.boulder.ibm.com/sar/CMA/RAA/0aehj/0/PSIRT49489_RPT-ifix.zip>) \nRPT| 9.5| None| [https://download4.boulder.ibm.com/sar/CMA/RAA/0aehj/0/PSIRT49489_RPT-ifix.zip](<https://download4.boulder.ibm.com/sar/CMA/RAA/0aehj/0/PSIRT49489_RPT-ifix.zip>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-29T20:31:30", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Eclipse Jetty affect Rational Performance Tester (CVE-2021-28169, CVE-2021-34428, CVE-2021-28163, CVE-2021-28164, CVE-2021-34429, CVE-2021-28165)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429"], "modified": "2022-07-29T20:31:30", "id": "6195FD892AA154A172FA62D1C3179F1BED3A69333139BC056B6242D7A468E832", "href": "https://www.ibm.com/support/pages/node/6608622", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T21:50:08", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-13934](<https://vulners.com/cve/CVE-2020-13934>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by not releasing the HTTP/1.1 processor after the upgrade to HTTP/2 in an h2c direct connection. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause OutOfMemoryException resulting in a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185239](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185239>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-17566](<https://vulners.com/cve/CVE-2019-17566>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183402](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183402>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-4378](<https://vulners.com/cve/CVE-2019-4378>) \n** DESCRIPTION: **IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162084](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162084>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-1945](<https://vulners.com/cve/CVE-2020-1945>) \n** DESCRIPTION: **Apache Ant could allow a remote attacker to bypass security restrictions, caused by the use of an insecure temporary directory to store source files. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and inject modified source files into the build process. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-0543](<https://vulners.com/cve/CVE-2020-0543>) \n** DESCRIPTION: **Xen and multiple Intel processors could allow a local authenticated attacker to obtain sensitive information, caused by an incomplete cleanup from specific special register read operations in some Intel\u00ae Processors. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183116](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183116>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-0548](<https://vulners.com/cve/CVE-2020-0548>) \n** DESCRIPTION: **Multiple Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by cleanup errors. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 2.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175117](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175117>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-0549](<https://vulners.com/cve/CVE-2020-0549>) \n** DESCRIPTION: **Multiple Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by cleanup errors in some data cache evictions. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175118](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175118>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2010-4710](<https://vulners.com/cve/CVE-2010-4710>) \n** DESCRIPTION: **YUI Library is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the addItem method in the Menu widget. A remote attacker could exploit this vulnerability using a field that is added to a menu to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/65180](<https://exchange.xforce.ibmcloud.com/vulnerabilities/65180>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2020-5408](<https://vulners.com/cve/CVE-2020-5408>) \n** DESCRIPTION: **VMware Tanzu Spring Security could allow a remote attacker to obtain sensitive information, caused by the use of a fixed null initialization vector with CBC Mode. By using dictionary attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181969](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181969>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-13990](<https://vulners.com/cve/CVE-2019-13990>) \n** DESCRIPTION: **Terracotta could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the initDocumentParser function in xml/XMLSchedulingDataProcessor.java. By persuading a victim to open specially-crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-13935](<https://vulners.com/cve/CVE-2020-13935>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending multiple requests with invalid payload lengths, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-11023](<https://vulners.com/cve/CVE-2020-11023>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181350](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181350>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-11022](<https://vulners.com/cve/CVE-2020-11022>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181349](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181349>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-15494](<https://vulners.com/cve/CVE-2018-15494>) \n** DESCRIPTION: **Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148556](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148556>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-5398](<https://vulners.com/cve/CVE-2020-5398>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to obtain sensitive information, caused by a flaw when it sets a Content-Disposition header in the response. By using a reflected file download (RFD) attack, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174711](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174711>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** Third Party Entry: **180875 \n** DESCRIPTION: **jQuery cross-site scripting \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/180875 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** Third Party Entry: **180875 \n** DESCRIPTION: **jQuery cross-site scripting \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/180875 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** Third Party Entry: **180875 \n** DESCRIPTION: **jQuery cross-site scripting \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/180875 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** Third Party Entry: **180875 \n** DESCRIPTION: **jQuery cross-site scripting \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/180875 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM QRadar SIEM 7.4.0 - 7.4.1 GA\n\nIBM QRadar SIEM 7.3.0 - 7.3.3 Patch 4\n\n## Remediation/Fixes\n\n[QRadar / QRM / QVM / QRIF / QNI 7.4.1 Patch 1](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.4.0&platform=Linux&function=fixId&fixids=7.4.1-QRADAR-QRSIEM-20200915010309&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true> \"QRadar / QRM / QVM / QRIF / QNI 7.4.1 Patch 1\" )\n\n[QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 5](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=All&platform=All&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20200929154613&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true> \"QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 5\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-07T22:53:38", "type": "ibm", "title": "Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4710", "CVE-2018-15494", "CVE-2019-10241", "CVE-2019-10247", "CVE-2019-13990", "CVE-2019-17566", "CVE-2019-4378", "CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-1945", "CVE-2020-5398", "CVE-2020-5408"], "modified": "2020-10-07T22:53:38", "id": "570AF6CDC4F7E864E6852EBD03923041C13A884B424AC254820AD0EEB73694DF", "href": "https://www.ibm.com/support/pages/node/6344075", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:50:09", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-12545](<https://vulners.com/cve/CVE-2018-12545>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGs frames container containing many settings, or many small SETTINGs frames, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161491](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161491>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-9735](<https://vulners.com/cve/CVE-2017-9735>) \n** DESCRIPTION: **Jetty could allow a remote attacker to obtain sensitive information, caused by a timing channel flaw in util/security/Password.java. By observing elapsed times before rejection of incorrect passwords, an attacker could exploit this vulnerability to obtain access information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127842](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127842>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2017-7658](<https://vulners.com/cve/CVE-2017-7658>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145522](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145522>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-7657](<https://vulners.com/cve/CVE-2017-7657>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-7656](<https://vulners.com/cve/CVE-2017-7656>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-12536](<https://vulners.com/cve/CVE-2018-12536>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted URL request to the java.nio.file.InvalidPathException function using an invalid parameter to cause an error message to be returned containing the full installation path. An attacker could use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145523](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145523>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-0222](<https://vulners.com/cve/CVE-2019-0222>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted MQTT frame, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158686](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158686>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-1941](<https://vulners.com/cve/CVE-2020-1941>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the admin GUI. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181957](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181957>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-8006](<https://vulners.com/cve/CVE-2018-8006>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the queues.jsp file. A remote attacker could exploit this vulnerability using the QueueFilter parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148808](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148808>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-11775](<https://vulners.com/cve/CVE-2018-11775>) \n** DESCRIPTION: **Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack, caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveMQ server. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149705](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149705>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2017-15709](<https://vulners.com/cve/CVE-2017-15709>) \n** DESCRIPTION: **Apache ActiveMQ could allow a remote attacker to obtain sensitive information, caused by the storing of certain system details in plaintext when using the OpenWire protocol. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139028](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139028>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2015-7559](<https://vulners.com/cve/CVE-2015-7559>) \n** DESCRIPTION: **Apache ActiveMQ client is vulnerable to a denial of service, caused by a remote shutdown command in the ActiveMQConnection class. By sending a specific command, a remote authenticated attacker could exploit this vulnerability to cause the application to stop responding. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-12423](<https://vulners.com/cve/CVE-2019-12423>) \n** DESCRIPTION: **Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when ships with OpenId Connect JWK Keys service. By accessing the JWK keystore file, an attacker could exploit this vulnerability to obtain the public keys in JWK format, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174688>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-17573](<https://vulners.com/cve/CVE-2019-17573>) \n** DESCRIPTION: **Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-12419](<https://vulners.com/cve/CVE-2019-12419>) \n** DESCRIPTION: **Apache CXF could allow a remote attacker to bypass security restrictions, caused by the failure to validate that the authenticated principal is equal to that of the supplied clientId parameter in the request by the OpenId Connect token service. By obtaining the authorization code issued to another client, an attacker could exploit this vulnerability to obtain an access token for the other client. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170975](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170975>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-1954](<https://vulners.com/cve/CVE-2020-1954>) \n** DESCRIPTION: **Apache CXF is vulnerable to a man-in-the-middle attack, caused by a flaw in JMX Integration. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178938](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178938>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-12406](<https://vulners.com/cve/CVE-2019-12406>) \n** DESCRIPTION: **Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachments present in a given message. By sending a specially-crafted message containing an overly large number of message attachments, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170974](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170974>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM QRadar SIEM 7.4.0 - 7.4.1 GA\n\nIBM QRadar SIEM 7.3.0 - 7.3.3 Patch 4\n\n \n\n\n## Remediation/Fixes\n\n[QRadar / QRM / QVM / QRIF / QNI 7.4.1 Patch 1](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.4.0&platform=Linux&function=fixId&fixids=7.4.1-QRADAR-QRSIEM-20200915010309&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true> \"QRadar / QRM / QVM / QRIF / QNI 7.4.1 Patch 1\" )\n\n[QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 5](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=All&platform=All&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20200929154613&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true> \"QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 5\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-07T20:49:35", "type": "ibm", "title": "Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7559", "CVE-2017-15709", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2018-11775", "CVE-2018-12536", "CVE-2018-12545", "CVE-2018-8006", "CVE-2019-0222", "CVE-2019-10241", "CVE-2019-10247", "CVE-2019-12406", "CVE-2019-12419", "CVE-2019-12423", "CVE-2019-17573", "CVE-2020-1941", "CVE-2020-1954"], "modified": "2020-10-07T20:49:35", "id": "1684DEC3DF3BB9E78C84E76D9D7057965A40ADC07F69C113F4E928D34BF0D671", "href": "https://www.ibm.com/support/pages/node/6344071", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:38:12", "description": "## Summary\n\nVulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Change may affect the security of the product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-2191](<https://vulners.com/cve/CVE-2022-2191>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230671](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230671>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-2047](<https://vulners.com/cve/CVE-2022-2047>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a specially-crafted request, an attacker could exploit this vulnerability to the HttpClient and ProxyServlet/AsyncProxyServlet/AsyncMiddleManServlet wrongly interpreting an authority with no host as one with a host. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230668>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-2048](<https://vulners.com/cve/CVE-2022-2048>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in the error handling of an invalid HTTP/2 request. By sending specially-crafted HTTP/2 requests, a remote attacker could exploit this vulnerability to cause the server to become unresponsive, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230670](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230670>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** IBM X-Force ID: **230016 \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error related to some of the production servers spiking with CPU use. A remote attacker could exploit this vulnerability to consume CPU that remains high even without any traffic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/230016 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230016>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRational Change| 5.3.2.4 \nRational Change| 5.3.2.3 \nRational Change| 5.3.2.2 \nRational Change| 5.3.2.1 \nRational Change| 5.3.2 \n \n## Remediation/Fixes\n\n**Product**| **VRFM**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nRational Change| 5.3.2.5| None.| \n\nUpgrade to Rational Change 5.3.2.5 supporting Jetty 9.4.48 from [IBM Passport Advantage](<https://iea-pf-b1p3a.mul.ie.ibm.com/netaccess/loginuser.html>) and apply it.\n\n \n\n\n**NOTE**:\n\nDownload the Rational Change 5.3.2.5 installation image by referring to the installation platform and its part number in the following list:\n\n * IBM Rational Change V5.3.2.5 Multi-platform Multilingual (CC5T0ML) - Windows and Linux included. \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-11T08:56:11", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Rational Change 5.3.2 Fix Pack 04 and earlier versions.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429", "CVE-2022-2047", "CVE-2022-2048", "CVE-2022-2191"], "modified": "2022-10-11T08:56:11", "id": "5C562A8B9EE6F8140582D44530977F0DEA3EFB52F7ACF87EFAA39CE6862AA47A", "href": "https://www.ibm.com/support/pages/node/6825513", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:38:11", "description": "## Summary\n\nVulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Synergy may affect the security of the product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-2191](<https://vulners.com/cve/CVE-2022-2191>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230671](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230671>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-2047](<https://vulners.com/cve/CVE-2022-2047>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a specially-crafted request, an attacker could exploit this vulnerability to the HttpClient and ProxyServlet/AsyncProxyServlet/AsyncMiddleManServlet wrongly interpreting an authority with no host as one with a host. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230668>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-2048](<https://vulners.com/cve/CVE-2022-2048>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in the error handling of an invalid HTTP/2 request. By sending specially-crafted HTTP/2 requests, a remote attacker could exploit this vulnerability to cause the server to become unresponsive, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230670](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230670>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** IBM X-Force ID: **230016 \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error related to some of the production servers spiking with CPU use. A remote attacker could exploit this vulnerability to consume CPU that remains high even without any traffic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/230016 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230016>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRational Synergy| 7.2.2.4 \nRational Synergy| 7.2.2.3 \nRational Synergy| 7.2.2.2 \nRational Synergy| 7.2.2.1 \nRational Synergy| 7.2.2 \n \n## Remediation/Fixes\n\n**Product **| **VRMF**| **APAR**| **Remediation/Fixes** \n---|---|---|--- \nRational Synergy| 7.2.2.5| None| \n\nUpgrade to Rational Synergy 7.2.2.5 from [IBM Passport Advantage](<https://iea-pf-b1p3a.mul.ie.ibm.com/netaccess/loginuser.html> \"IBM Passport Advantage\" ) and apply it.\n\n**NOTE:**\n\nDownload the Rational Synergy 7.2.2.5 installation image by referring to the installation platform and its part number in the following list:\n\n * IBM Rational Synergy V7.2.2.5 Linux Informix Multilingual (CC5T9ML)\n * IBM Rational Synergy V7.2.2.5 Linux Oracle Multilingual (CC5TAML)\n * IBM Rational Synergy V7.2.2.5 Windows Informix Multilingual (CC5TBML) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-11T13:03:15", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2 Fix Pack 04 and earlier versions.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429", "CVE-2022-2047", "CVE-2022-2048", "CVE-2022-2191"], "modified": "2022-10-11T13:03:15", "id": "B1CB4F2A0E5AEB4C5A4669E5319B0B50605F31B798EE4E07A4D889EECCAC2AD2", "href": "https://www.ibm.com/support/pages/node/6825515", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:37:36", "description": "## Summary\n\nMultiple vulnerabilities in Eclipse Jetty used by IBM InfoSphere Information Server were addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n**DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-2191](<https://vulners.com/cve/CVE-2022-2191>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230671](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230671>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-2047](<https://vulners.com/cve/CVE-2022-2047>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a specially-crafted request, an attacker could exploit this vulnerability to the HttpClient and ProxyServlet/AsyncProxyServlet/AsyncMiddleManServlet wrongly interpreting an authority with no host as one with a host. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230668>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2022-2048](<https://vulners.com/cve/CVE-2022-2048>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in the error handling of an invalid HTTP/2 request. By sending specially-crafted HTTP/2 requests, a remote attacker could exploit this vulnerability to cause the server to become unresponsive, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230670](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230670>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**IBM X-Force ID: **230016 \n**DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error related to some of the production servers spiking with CPU use. A remote attacker could exploit this vulnerability to consume CPU that remains high even without any traffic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/230016 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230016>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server | 11.7 \n \n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 | [JR64675](<http://www.ibm.com/support/docview.wss?uid=swg1JR64675> \"JR64675\" ) \n[DT160842 ](<https://www.ibm.com/mysupport/aCI3p000000PY8x> \"DT160842\" ) | \\--Upgrade your Update Installer to [version 11.7.1.116](<https://www.ibm.com/support/pages/node/6574447> \"version 11.7.1.???\" ) or later \n \n\\--Apply InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/docview.wss?uid=ibm10878310> \"11.7.1.0\" ) \n\\--Apply InfoSphere Information Server version [11.7.1.4](<https://www.ibm.com/support/pages/node/6620275> \"11.7.1.4\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-21T22:23:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429", "CVE-2022-2047", "CVE-2022-2048", "CVE-2022-2191"], "modified": "2022-10-21T22:23:42", "id": "25DE8BF64C58EFD9DD2C92C9D544C32FD6567CEC26CF6C9D70956F831B66255A", "href": "https://www.ibm.com/support/pages/node/6829321", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:56:07", "description": "## Summary\n\nMultiple vulnerabilities in dependent libraries affect IBM\u00ae Db2\u00ae leading to denial of service or privilege escalation.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2014-3577](<https://vulners.com/cve/CVE-2014-3577>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>) \n** DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190474>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2015-5237](<https://vulners.com/cve/CVE-2015-5237>) \n** DESCRIPTION: **Google Protocol Buffers could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in MessageLite::SerializeToString. A remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/105989](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105989>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-11765](<https://vulners.com/cve/CVE-2018-11765>) \n** DESCRIPTION: **Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in Web interfaces when Kerberos authentication is enabled and SPNEGO through HTTP is disabled. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to access some servlets without authentication. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188908](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188908>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-11612](<https://vulners.com/cve/CVE-2020-11612>) \n** DESCRIPTION: **Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a ZlibEncoded byte stream in the ZlibDecoders. By sending a large ZlibEncoded byte stream, a remote attacker could exploit this vulnerability to exhaust memory resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180530>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-18640](<https://vulners.com/cve/CVE-2017-18640>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by an entity expansion in Alias feature during a load operation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174331](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174331>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-7238](<https://vulners.com/cve/CVE-2020-7238>) \n** DESCRIPTION: **Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling Transfer-Encoding whitespace and a later Content-Length header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175398>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-9488](<https://vulners.com/cve/CVE-2020-9488>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180824](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180824>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-8088](<https://vulners.com/cve/CVE-2018-8088>) \n** DESCRIPTION: **SLF4J could allow a remote attacker to bypass security restrictions, caused by an error in org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH. By sending specially-crafted data, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140573](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140573>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-9489](<https://vulners.com/cve/CVE-2020-9489>) \n** DESCRIPTION: **Apache Tika is vulnerable to a denial of service, caused by an out of memory error and infinite loop flaw in the ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180712](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180712>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-5262](<https://vulners.com/cve/CVE-2020-5262>) \n** DESCRIPTION: **EasyBuild could allow a remote attacker to obtain sensitive information, caused by storing sensitive information in debug log files. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178229](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178229>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAll fix pack levels of IBM Db2 V11.1, and V11.5 editions on all platforms are affected.\n\n \n\n\n## Remediation/Fixes\n\nCustomers running any vulnerable fixpack level of an affected Program, V11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V11.1.4 FP6, and V11.5.5. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability. \n\n \n\n\n**Release**| **Fixed in fix pack**| **APAR**| **Download URL** \n---|---|---|--- \nV11.1| TBD| [IT36439](<https://www.ibm.com/support/pages/apar/IT36439> \"IT36439\" )| Special Build for V11.1 FP6: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_40812_DB2-aix64-universal_fixpack-11.1.4.6-FP006%3A193603019557308288&includeSupersedes=0> \"AIX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_40812_DSClients-linuxia32-client-11.1.4.6-FP006%3A516426185835302336&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_40812_DB2-linuxx64-universal_fixpack-11.1.4.6-FP006%3A731836679439432832&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 little endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_40812_DB2-linuxppc64le-universal_fixpack-11.1.4.6-FP006%3A225264975099763520&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_40812_DB2-linux390x64-universal_fixpack-11.1.4.6-FP006%3A187770383869384384&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Solaris 64-bit, SPARC](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_40812_DB2-sun64-universal_fixpack-11.1.4.6-FP006%3A992367376857076352&includeSupersedes=0> \"Solaris 64-bit, SPARC\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_40812_DSClients-nt32-client-11.1.4060.1324-FP006%3A857683489424729088&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_40812_DB2-ntx64-universal_fixpack-11.1.4060.1324-FP006%3A798170719639073920&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n \nV11.5| v11.5.6| [IT36413](<https://www.ibm.com/support/pages/apar/IT36413> \"IT36413\" )| <https://www.ibm.com/support/pages/node/6465915> \n \n \n\n\n \n\n\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-23T18:01:11", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM\u00ae Db2\u00ae leading to denial of service or privilege escalation.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3577", "CVE-2015-5237", "CVE-2017-18640", "CVE-2018-11765", "CVE-2018-8088", "CVE-2020-11612", "CVE-2020-27216", "CVE-2020-5262", "CVE-2020-7238", "CVE-2020-9488", "CVE-2020-9489"], "modified": "2021-06-23T18:01:11", "id": "026861C8F37CB442AEB06F08CB67784AB6226E1C2C5830E2D4227D71E9453C5B", "href": "https://www.ibm.com/support/pages/node/6466365", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T05:42:56", "description": "## Summary\n\nThere are multiple vulnerabilities in Jasper, Version 2 Service Refresh 2 Fix Pack 2, used by Jetty 8.1.3 is affecting IBM Rational Change.\n\n## Vulnerability Details\n\nThe following are the list of vulnerabilities affecting IBM Rational Change:\n\n**CVEID**: _[CVE-2017-7658](<https://vulners.com/cve/CVE-2017-7658>)_ \n**DESCRIPTION**: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \n**CVSS Base Score**: 6.5 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/145522>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n \n**CVEID**: _[CVE-2018-12536](<https://vulners.com/cve/CVE-2018-12536>)_ \n**DESCRIPTION**: Eclipse Jetty could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted URL request to the java.nio.file.InvalidPathException function using an invalid parameter to cause an error message to be returned containing the full installation path. An attacker could use this information to launch further attacks against the affected system. \n**CVSS Base Score**: 5.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/145523>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID**: _[CVE-2017-7656](<https://vulners.com/cve/CVE-2017-7656>)_ \n**DESCRIPTION**: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \n**CVSS Base Score**: 6.5 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/145520>_ for the current score. \n**CVSS Environmental Score***: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID**: _[CVE-2017-7657](<https://vulners.com/cve/CVE-2017-7657>)_ \n**DESCRIPTION**: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \n**CVSS Base Score**: 6.5 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/145521>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID**: _[CVE-2018-18873](<https://vulners.com/cve/CVE-2018-18873>)_ \n**DESCRIPTION**: JasPer is vulnerable to a denial of service, caused by a NULL pointer dereference in the ras_putdatastd function in ras/ras_enc.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \n**CVSS Base Score**: 3.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/152318>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID**: _[CVE-2018-19139](<https://vulners.com/cve/CVE-2018-19139>)_ \n**DESCRIPTION**: JasPer is vulnerable to a denial of service, caused by a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \n**CVSS Base Score**: 3.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/153097>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID**: _[CVE-2018-20584](<https://vulners.com/cve/CVE-2018-20584>)_ \n**DESCRIPTION**: JasPer is vulnerable to a denial of service, caused by a flaw when converting the output to jp2 format. By using a specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to hang. \n**CVSS Base Score**: 5.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/154954>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID**: _[CVE-2018-20570](<https://vulners.com/cve/CVE-2018-20570>)_ \n**DESCRIPTION**: JasPer is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the jp2_encode function in jp2/jp2_enc.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \n**CVSS Base Score**: 5.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/154998>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID**: _[CVE-2018-20622](<https://vulners.com/cve/CVE-2018-20622>)_ \n**DESCRIPTION**: JasPer could allow a remote attacker to obtain sensitive information, caused by a memory leak in base/jas_malloc.c in libjasper.a when \"--output-format jp2\" is used. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to obtain sensitive information. \n**CVSS Base Score**: 3.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/155056>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n \n**CVEID**: _[CVE-2019-10247](<https://vulners.com/cve/CVE-2018-10247>)_ \n**DESCRIPTION**: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \n**CVSS Base Score**: 5.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n**CVEID**: _[CVE-2018-12545](<https://vulners.com/cve/CVE-2018-12545>)_ \n**DESCRIPTION**: Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGs frames container containing many settings, or many small SETTINGs frames, a remote attacker could exploit this vulnerability to cause a denial of service. \n**CVSS Base Score**: 7.5 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/161491>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Rational Change 5.3.1, 5.3.1.1 and 5.3.1.2. \n\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nRational Change | 5.3.1, 5.3.1.1, 5.3.1.2. | None. | \n\nUpgrade to Rational Change 5.3.2 supporting Jetty 9.4.14 from _[IBM Passport Advantage](<https://iea-pf-b1p3a.mul.ie.ibm.com/netaccess/loginuser.html>)_ and apply it.\n\n**NOTE**:\n\nDownload the Rational Synergy 7.2.2 installation image by referring to the installation platform and its part number in the following list:\n\n * IBM Rational Change V5.3.2 Multi-platform Multilingual (CC5T0ML) - Windows and Linux included. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-30T09:06:54", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Jasper used in Jetty 8.1.3 Server where Rational Change is deployed", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2018-10247", "CVE-2018-12536", "CVE-2018-12545", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2019-10247"], "modified": "2020-03-30T09:06:54", "id": "8A3B4149E7EAB3A7478E92C55ED495F70AD25B6A33537799F9CFBD490835D8BD", "href": "https://www.ibm.com/support/pages/node/2469207", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T05:40:26", "description": "## Summary\n\nThere are multiple vulnerabilities in Jasper, Version 2 Service Refresh 2 Fix Pack 2, used by Jetty 8.1.3 is affecting IBM Rational Synergy.\n\n## Vulnerability Details\n\nThe following are the list of vulnerabilities affecting IBM Rational Synergy:\n\n**CVEID**: _[CVE-2018-12538](<https://vulners.com/cve/CVE-2018-12536>)_ \n**DESCRIPTION**: Eclipse Jetty could allow a remote attacker to hijack a user's session, caused by a flaw in the FileSessionDataStore. An attacker could exploit this vulnerability to gain access to another user's session. \n**CVSS Base Score**: 5.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/145321>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID**: _[CVE-2017-7658](<https://vulners.com/cve/CVE-2017-7658>)_ \n**DESCRIPTION**: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \n**CVSS Base Score**: 6.5 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/145522>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID**: _[CVE-2018-12536](<https://vulners.com/cve/CVE-2018-12536>)_ \n**DESCRIPTION**: Eclipse Jetty could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted URL request to the java.nio.file.InvalidPathException function using an invalid parameter to cause an error message to be returned containing the full installation path. An attacker could use this information to launch further attacks against the affected system. \n**CVSS Base Score**: 5.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/145523>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID**: _[CVE-2017-7656](<https://vulners.com/cve/CVE-2017-7656>)_ \n**DESCRIPTION**: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \n**CVSS Base Score**: 6.5 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/145520>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID**: _[CVE-2017-7657](<https://vulners.com/cve/CVE-2017-7657>)_ \n**DESCRIPTION**: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \n**CVSS Base Score**: 6.5 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/145521>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID**: _[CVE-2018-18384](<https://vulners.com/cve/CVE-2018-18384>)_ \n**DESCRIPTION**: Info-ZIP UnZip is vulnerable to a buffer overflow, caused by improper bounds checking by the list.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \n**CVSS Base Score**: 7.8 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/151365>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID**: _[CVE-2018-18873](<https://vulners.com/cve/CVE-2018-18873>)_ \n**DESCRIPTION**: JasPer is vulnerable to a denial of service, caused by a NULL pointer dereference in the ras_putdatastd function in ras/ras_enc.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \n**CVSS Base Score**: 3.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/152318>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID**: _[CVE-2018-19139](<https://vulners.com/cve/CVE-2018-19139>)_ \n**DESCRIPTION**: JasPer is vulnerable to a denial of service, caused by a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \n**CVSS Base Score**: 3.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/153097>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID**: _[CVE-2018-20570](<https://vulners.com/cve/CVE-2018-20570>)_ \n**DESCRIPTION**: JasPer is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the jp2_encode function in jp2/jp2_enc.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \n**CVSS Base Score**: 5.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/154998>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID**: _[CVE-2018-20584](<https://vulners.com/cve/CVE-2018-20584>)_ \n**DESCRIPTION**: JasPer is vulnerable to a denial of service, caused by a flaw when converting the output to jp2 format. By using a specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to hang. \n**CVSS Base Score**: 5.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/154954>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n**CVEID**: _[CVE-2018-20622](<https://vulners.com/cve/CVE-2018-20622>)_ \n**DESCRIPTION**: JasPer could allow a remote attacker to obtain sensitive information, caused by a memory leak in base/jas_malloc.c in libjasper.a when \"--output-format jp2\" is used. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to obtain sensitive information. \n**CVSS Base Score**: 3.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/155056>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n \n**CVEID**: _[CVE-2019-10247](<https://vulners.com/cve/CVE-2018-10247>)_ \n**DESCRIPTION**: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \n**CVSS Base Score**: 5.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n**CVEID**: _[CVE-2018-12545](<https://vulners.com/cve/CVE-2018-12545>)_ \n**DESCRIPTION**: Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGs frames container containing many settings, or many small SETTINGs frames, a remote attacker could exploit this vulnerability to cause a denial of service. \n**CVSS Base Score**: 7.5 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/161491>_ for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Rational Synergy 7.2.1.0 to 7.2.1.7. \n\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nRational Synergy | 7.2.1.0 to 7.2.1.7 | N/A | \n\nUpgrade to Rational Synergy 7.2.2 supporting Jetty 9.4.14 from _[IBM Passport Advantage](<https://iea-pf-b1p3a.mul.ie.ibm.com/netaccess/loginuser.html>)_ and apply it.\n\n**NOTE**:\n\nDownload the Rational Synergy 7.2.2 installation image by referring to the installation platform and its part number in the following list:\n\n * IBM Rational Synergy V7.2.2 Linux Informix Multilingual (CC5T9ML) \n * IBM Rational Synergy V7.2.2 Linux Oracle Multilingual (CC5TAML) \n * IBM Rational Synergy V7.2.2 Windows Informix Multilingual (CC5TBML) \n \n_For Rational Synergy 7.1.0.x IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-22T18:18:53", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Jasper used in Jetty 8.1.3 Server where Rational Synergy is deployed", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2018-10247", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-18384", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2019-10247"], "modified": "2020-12-22T18:18:53", "id": "3F1E93CED935A8B73DF4F559D8444A47F42A24D3C4458A3E6BDE3B7C2F9CF9D0", "href": "https://www.ibm.com/support/pages/node/2468169", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:40:36", "description": "## Summary\n\nBAYEUX_BROWSER cookie is generated from Cometd Server and it remains live with the session. In older versions of cometd server, BAYEUX_BROWSER cookie was neither true for https nor for secure. But in the current version ie. 5.0.3, there is a provision to make the cookie true for https and secure.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2007-5615](<https://vulners.com/cve/CVE-2007-5615>) \n** DESCRIPTION: **Jetty is vulnerable to CRLF injection, caused by improper validation of user-supplied input. A remote attacker could inject arbitrary commands using CRLF sequences, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/38899](<https://exchange.xforce.ibmcloud.com/vulnerabilities/38899>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2007-6672](<https://vulners.com/cve/CVE-2007-6672>) \n** DESCRIPTION: **Jetty could allow a remote attacker to obtain sensitive information, caused by the improper processing of URLs containing multiple forward slash (/) characters. An attacker could exploit this vulnerability to gain unauthorized access to restricted files and view arbitrary directories on the Web server. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/39407](<https://exchange.xforce.ibmcloud.com/vulnerabilities/39407>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2009-1523](<https://vulners.com/cve/CVE-2009-1523>) \n** DESCRIPTION: **Jetty HTTP server could allow a remote attacker to traverse directories on the system, caused by an error when the DefaultServlet with support for aliases is explicitly enabled or the ResourceHandler class is configured to serve static content. An attacker could exploit this vulnerability by sending a specially-crafted URL request to view arbitrary files on the system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/50298](<https://exchange.xforce.ibmcloud.com/vulnerabilities/50298>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2009-1524](<https://vulners.com/cve/CVE-2009-1524>) \n** DESCRIPTION: **Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using an appended \";\" character in the directory listing's path via a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/50301](<https://exchange.xforce.ibmcloud.com/vulnerabilities/50301>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2009-4609](<https://vulners.com/cve/CVE-2009-4609>) \n** DESCRIPTION: **Jetty could allow a remote attacker to obtain sensitive information, caused by an error in the Dump Servlet. By sending a request to a URI ending in /dump/, a remote attacker could exploit this vulnerability to obtain sensitive information about internal variables and other data. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/55650](<https://exchange.xforce.ibmcloud.com/vulnerabilities/55650>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2009-4610](<https://vulners.com/cve/CVE-2009-4610>) \n** DESCRIPTION: **Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the dump.jsp in the JSP Dump feature and the default URI for the Session Dump Servlet under session/. A remote attacker could exploit this vulnerability using the Name or Value parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/55651](<https://exchange.xforce.ibmcloud.com/vulnerabilities/55651>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2009-4611](<https://vulners.com/cve/CVE-2009-4611>) \n** DESCRIPTION: **Ruby could allow a remote attacker to execute arbitrary commands on the system, caused by the failure to filter terminal escape sequences in HTTP requests by the WEBrick component. By sending a specially-crafted HTTP request containing escape sequences and persuading a victim to view the logfile using the \"cat\" or \"tail\" tools, a remote attacker could inject the escape sequences into WEBrick logs and execute malicious control characters on the victim's terminal emulator. \nCVSS Base score: 5.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/55533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/55533>) for the current score. \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2009-4612](<https://vulners.com/cve/CVE-2009-4612>) \n** DESCRIPTION: **Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the WebApp JSP Snoop page. A remote attacker could exploit this vulnerability using the PATH_INFO in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/55652](<https://exchange.xforce.ibmcloud.com/vulnerabilities/55652>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2009-5045](<https://vulners.com/cve/CVE-2009-5045>) \n** DESCRIPTION: **Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the Dump Servlet. A remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171886](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171886>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2009-5046](<https://vulners.com/cve/CVE-2009-5046>) \n** DESCRIPTION: **Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the JSP Dump and Session Dump Servlet. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171885](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171885>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2009-5047](<https://vulners.com/cve/CVE-2009-5047>) \n** DESCRIPTION: **Jetty could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability in the Cookie Dump Servlet and Http Content-Length header. By a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171884](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171884>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2009-5048](<https://vulners.com/cve/CVE-2009-5048>) \n** DESCRIPTION: **Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Cookie Dump Servlet. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171883](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171883>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2009-5049](<https://vulners.com/cve/CVE-2009-5049>) \n** DESCRIPTION: **Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the JSP Snoop page in Webapp. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171880](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171880>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2011-4461](<https://vulners.com/cve/CVE-2011-4461>) \n** DESCRIPTION: **Jetty is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple specially-crafted HTTP POST requests to an affected application containing conflicting hash key values, a remote attacker could exploit this vulnerability to cause the consumption of CPU resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72017](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72017>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2017-7656](<https://vulners.com/cve/CVE-2017-7656>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-7657](<https://vulners.com/cve/CVE-2017-7657>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-7658](<https://vulners.com/cve/CVE-2017-7658>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145522](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145522>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-9735](<https://vulners.com/cve/CVE-2017-9735>) \n** DESCRIPTION: **Jetty could allow a remote attacker to obtain sensitive information, caused by a timing channel flaw in util/security/Password.java. By observing elapsed times before rejection of incorrect passwords, an attacker could exploit this vulnerability to obtain access information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127842](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127842>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Control Desk| IBM Control Desk 7.6.x \nIBM SmartCloud Control Desk| 7.5.X \n \n\n\n## Remediation/Fixes\n\n**For IBM Control Desk 7.6.1.4 and earlier versions:**\n\nThere is a provision in web.xml to make BAYEUX_BROWSER cookie true for https and secure. The path can also be updated using <init-params> in web.xml against CometDServlet entry in the deployment descriptor. \n<https://docs.cometd.org/current/reference/>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-19T20:54:31", "type": "ibm", "title": "Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5615", "CVE-2007-6672", "CVE-2009-1523", "CVE-2009-1524", "CVE-2009-4609", "CVE-2009-4610", "CVE-2009-4611", "CVE-2009-4612", "CVE-2009-5045", "CVE-2009-5046", "CVE-2009-5047", "CVE-2009-5048", "CVE-2009-5049", "CVE-2011-4461", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2019-10247"], "modified": "2022-09-19T20:54:31", "id": "56AA25058B49601CC436FB99CDCA8B0EFA02E1CE410A9EC2373C5FE7CBDAE326", "href": "https://www.ibm.com/support/pages/node/6621343", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:51:50", "description": "## Summary\n\nThere are multiple vulnerabilities identified in IBM Guardium Data Encryption (GDE) .These vulnerabilities have been fixed in GDE 4.0.0.3. Please apply the latest version for the fixes.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-4697](<https://vulners.com/cve/CVE-2019-4697>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) stores user credentials in plain in clear text which can be read by an authenticated user. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171928](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171928>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2019-12814](<https://vulners.com/cve/CVE-2019-12814>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2019-12384](<https://vulners.com/cve/CVE-2019-12384>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the logback-core class from polymorphic deserialization. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162849](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162849>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-12086](<https://vulners.com/cve/CVE-2019-12086>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161256>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2018-19362](<https://vulners.com/cve/CVE-2018-19362>) \n**DESCRIPTION: **An unspecified error with failure to block the jboss-common-core class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155093](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155093>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2018-19361](<https://vulners.com/cve/CVE-2018-19361>) \n**DESCRIPTION: **An unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155092](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155092>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2018-19360](<https://vulners.com/cve/CVE-2018-19360>) \n**DESCRIPTION: **An unspecified error with failure to block the axis2-transport-jms class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155091](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155091>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2018-14721](<https://vulners.com/cve/CVE-2018-14721>) \n**DESCRIPTION: **FasterXML jackson-databind is vulnerable to server-side request forgery, caused by the failure to block the axis2-jaxws class from polymorphic deserialization. A remote authenticated attacker could exploit this vulnerability to obtain sensitive data. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155136](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155136>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2018-14720](<https://vulners.com/cve/CVE-2018-14720>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by JDK classes. By sending a specially-crafted XML data. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155137](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155137>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2018-14719](<https://vulners.com/cve/CVE-2018-14719>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155138](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155138>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2018-1000873](<https://vulners.com/cve/CVE-2018-1000873>) \n**DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by improper input validation by the nanoseconds time value field. By persuading a victim to deserialize specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154804](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154804>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-4691](<https://vulners.com/cve/CVE-2019-4691>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171828](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171828>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2019-4694](<https://vulners.com/cve/CVE-2019-4694>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171832>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2017-12974](<https://vulners.com/cve/CVE-2017-12974>) \n**DESCRIPTION: **Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by proceeding with ECKey construction without ensuring that the public x and y coordinates are on the specified curve. A remote attacker could exploit this vulnerability to conduct an Invalid Curve Attack. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130788](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130788>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2017-12973](<https://vulners.com/cve/CVE-2017-12973>) \n**DESCRIPTION: **Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by proceeding improperly after detection of an invalid HMAC in authenticated AES-CBC decryption. A remote attacker could exploit this vulnerability to conduct a padding oracle attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130789](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130789>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2017-12972](<https://vulners.com/cve/CVE-2017-12972>) \n**DESCRIPTION: **Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by the lack of integer-overflow check when converting length values from bytes to bits. A remote attacker could exploit this vulnerability to conduct a HMAC bypass attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130790](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130790>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2019-4699](<https://vulners.com/cve/CVE-2019-4699>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) generates an error message that includes sensitive information about its environment, users, or associated data. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171931](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171931>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-4688](<https://vulners.com/cve/CVE-2019-4688>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171825](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171825>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2018-12536](<https://vulners.com/cve/CVE-2018-12536>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted URL request to the java.nio.file.InvalidPathException function using an invalid parameter to cause an error message to be returned containing the full installation path. An attacker could use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145523](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145523>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2017-9735](<https://vulners.com/cve/CVE-2017-9735>) \n**DESCRIPTION: **Jetty could allow a remote attacker to obtain sensitive information, caused by a timing channel flaw in util/security/Password.java. By observing elapsed times before rejection of incorrect passwords, an attacker could exploit this vulnerability to obtain access information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127842](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127842>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2017-7658](<https://vulners.com/cve/CVE-2017-7658>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145522](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145522>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2017-7657](<https://vulners.com/cve/CVE-2017-7657>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2017-7656](<https://vulners.com/cve/CVE-2017-7656>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2019-10072](<https://vulners.com/cve/CVE-2019-10072>) \n**DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by HTTP/2 connection window exhaustion on write. By failing to send WINDOW_UPDATE messages, a remote attacker could exploit this vulnerability to block threads on the server and cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162806](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162806>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-0232](<https://vulners.com/cve/CVE-2019-0232>) \n**DESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the way JRE passes command-line arguments when enableCmdLineArguments is enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159398>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>) \n**DESCRIPTION: **Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SSI printenv command. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161746](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161746>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2019-0199](<https://vulners.com/cve/CVE-2019-0199>) \n**DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by the acceptance of streams with excessive numbers of SETTINGS frames and the permitting of clients to keep streams open without reading/writing request data by the HTTP/2 implementation. By sending excessive SETTINGS frames, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-3778](<https://vulners.com/cve/CVE-2019-3778>) \n**DESCRIPTION: **Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in authorization endpoint. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158330](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158330>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-11269](<https://vulners.com/cve/CVE-2019-11269>) \n**DESCRIPTION: **Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using redirect_uri parameter in a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162650](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162650>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-3795](<https://vulners.com/cve/CVE-2019-3795>) \n**DESCRIPTION: **Pivotal Spring Security could provide weaker than expected security, caused by an insecure randomness flaw when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n**CVEID: **[CVE-2019-11272](<https://vulners.com/cve/CVE-2019-11272>) \n**DESCRIPTION: **Pivotal Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw in the PlaintextPasswordEncoder function. By using a password of \"null\", an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166568](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166568>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2018-1258](<https://vulners.com/cve/CVE-2018-1258>) \n**DESCRIPTION: **Pivotal Spring Framework Spring Security could allow a remote attacker to bypass security restrictions. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain unauthorized access to methods that should be restricted. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2018-1000613](<https://vulners.com/cve/CVE-2018-1000613>) \n**DESCRIPTION: **Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe reflection flaw in XMSS/XMSS^MT private key deserialization. By using specially-crafted private key, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148041](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148041>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2018-5382](<https://vulners.com/cve/CVE-2018-5382>) \n**DESCRIPTION: **Bouncy Castle could allow a local attacker to obtain sensitive information, caused by an error in the BKS version 1 keystore files. By utilizing an HMAC that is only 16 bits long for the MAC key size, an attacker could exploit this vulnerability using brute-force techniques to crack a BKS-V1 keystore file in seconds and gain access to the keystore contents. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140465>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2016-1000346](<https://vulners.com/cve/CVE-2016-1000346>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could allow a remote attacker to obtain sensitive information, caused by a flaw in the other party DH public key. A remote attacker could exploit this vulnerability to reveal details via invalid keys. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151807](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151807>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2016-1000345](<https://vulners.com/cve/CVE-2016-1000345>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by an environment where timings can be easily observed. A remote attacker could exploit this vulnerability to conduct a padding oracle attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151808](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151808>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2016-1000344](<https://vulners.com/cve/CVE-2016-1000344>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DHIES implementation. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151809>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2016-1000343](<https://vulners.com/cve/CVE-2016-1000343>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DSA key pair generator. A remote attacker could exploit this vulnerability to launch further attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151810](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151810>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2016-1000342](<https://vulners.com/cve/CVE-2016-1000342>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by improper validation of ASN.1 encoding of signature in the ECDSA. A remote attacker could exploit this vulnerability to launch further attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151811](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151811>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2016-1000341](<https://vulners.com/cve/CVE-2016-1000341>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DSA signature generation. A remote attacker could exploit this vulnerability to launch timing attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151812](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151812>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2018-1000180](<https://vulners.com/cve/CVE-2018-1000180>) \n**DESCRIPTION: **Bouncy Castle could provide weaker than expected security, caused by an error in the Low-level interface to RSA key pair generator. The RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144810](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144810>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2016-1000339](<https://vulners.com/cve/CVE-2016-1000339>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could allow a remote attacker to obtain sensitive information, caused by a flaw in the AESEngine. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151814](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151814>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2016-1000338](<https://vulners.com/cve/CVE-2016-1000338>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by improper validation of ASN.1 encoding of signature in the DSA. A remote attacker could exploit this vulnerability to launch further attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151815](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151815>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2015-7940](<https://vulners.com/cve/CVE-2015-7940>) \n**DESCRIPTION: **Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid curve attack to extract private keys used in elliptic curve cryptography and obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107739](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107739>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2013-1624](<https://vulners.com/cve/CVE-2013-1624>) \n**DESCRIPTION: **Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by the exposure of timing differences during padding check verification by the CBC ciphersuite of the Transport Layer Security (TLS) implementation. An attacker could exploit this vulnerability using a timing attack to recover the original plaintext and obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/81910](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81910>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n**CVEID: **[CVE-2017-13098](<https://vulners.com/cve/CVE-2017-13098>) \n**DESCRIPTION: **Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by an RSA Adaptive Chosen Ciphertext (Bleichenbacher) attack. By utilizing discrepancies in TLS error messages, an attacker could exploit this vulnerability to obtain the data in the encrypted messages once the TLS session has completed. Note: This vulnerability is also known as the ROBOT attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/136241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/136241>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-4689](<https://vulners.com/cve/CVE-2019-4689>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171826](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171826>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2016-6497](<https://vulners.com/cve/CVE-2016-6497>) \n**DESCRIPTION: **Apache could allow a remote attacker to execute arbitrary code on the system, caused by a LDAP entry poisoning vulnerability in main/java/org/apache/directory/groovyldap/LDAP.java. By leveraging setting returnObjFlag to true for all search methods, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/125218](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125218>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2018-10237](<https://vulners.com/cve/CVE-2018-10237>) \n**DESCRIPTION: **Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted data, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/142508](<https://exchange.xforce.ibmcloud.com/vulnerabilities/142508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-1000850](<https://vulners.com/cve/CVE-2018-1000850>) \n**DESCRIPTION: **Square Retrofit could allow a remote attacker to traverse directories on the system, caused by improper input validation by the RequestBuilder class. An attacker could send a specially-crafted URL request to containing \"dot dot\" sequences (/../) to add or delete arbitrary files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154507](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154507>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2019-4686](<https://vulners.com/cve/CVE-2019-4686>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171822](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171822>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nGDE | 3.0.0.2 \n \n## Remediation/Fixes\n\nProduct(s) | Fixed Version \n---|--- \nGDE | [4.0.0.3](<https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=9269c25b1b795410f2888739cd4bcb16> \"4.0.0.0\" ) \n \n## Workarounds and Mitigations\n\nAffected Component | Fixed Version \n---|--- \nIBM Guardium for Cloud Key Management (GCKM) | GCKM 1.7.0 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-24T10:03:43", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1624", "CVE-2015-7940", "CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000344", "CVE-2016-1000345", "CVE-2016-1000346", "CVE-2016-6497", "CVE-2017-12972", "CVE-2017-12973", "CVE-2017-12974", "CVE-2017-13098", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000850", "CVE-2018-1000873", "CVE-2018-10237", "CVE-2018-12536", "CVE-2018-1258", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-5382", "CVE-2019-0199", "CVE-2019-0221", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10241", "CVE-2019-10247", "CVE-2019-11269", "CVE-2019-11272", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-3778", "CVE-2019-3795", "CVE-2019-4686", "CVE-2019-4688", "CVE-2019-4689", "CVE-2019-4691", "CVE-2019-4694", "CVE-2019-4697", "CVE-2019-4699"], "modified": "2020-08-24T10:03:43", "id": "B236D3400A0C6106EC62C77931DC3654EEBAB6EEA563B3344ECFF477FD634E81", "href": "https://www.ibm.com/support/pages/node/6320835", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:42:36", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed the relevant vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-43859](<https://vulners.com/cve/CVE-2021-43859>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by improper input validation. By injecting highly recursive collections or maps, a remote attacker could exploit this vulnerability to allocate 100% CPU time on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219177](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219177>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24407](<https://vulners.com/cve/CVE-2022-24407>) \n** DESCRIPTION: **Cyrus SASL is vulnerable to SQL injection. A remote authenticated attacker could send a specially-crafted SQL statements to view, add, modify or delete information in the back-end database. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220223](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220223>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-3677](<https://vulners.com/cve/CVE-2021-3677>) \n** DESCRIPTION: **Postgresql could allow a remote authenticated attacker to obtain sensitive information, caused by the memory disclosure in certain queries. By sending a specially-crafted query, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221070](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221070>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-22720](<https://vulners.com/cve/CVE-2022-22720>) \n** DESCRIPTION: **Apache HTTP Server is vulnerable to HTTP request smuggling, caused by the failure to close inbound connection when errors are encountered discarding the request body. An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221668>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45960](<https://vulners.com/cve/CVE-2021-45960>) \n** DESCRIPTION: **Expat (aka libexpat) is vulnerable to a denial of service, caused by a realloc misbehavior issue in the storeAtts function in xmlparse.c. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216473](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216473>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-46143](<https://vulners.com/cve/CVE-2021-46143>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of m_groupSize in doProlog in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22822](<https://vulners.com/cve/CVE-2022-22822>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of addBinding in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216908](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216908>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22823](<https://vulners.com/cve/CVE-2022-22823>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of build_model in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216907](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216907>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22824](<https://vulners.com/cve/CVE-2022-22824>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of defineAttribute in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22825](<https://vulners.com/cve/CVE-2022-22825>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of lookup in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216905](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216905>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22826](<https://vulners.com/cve/CVE-2022-22826>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of nextScaffoldPart in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22827](<https://vulners.com/cve/CVE-2022-22827>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of storeAtts in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216901](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216901>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23852](<https://vulners.com/cve/CVE-2022-23852>) \n** DESCRIPTION: **Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218007](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218007>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-25235](<https://vulners.com/cve/CVE-2022-25235>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by improper input validation in xmltok_impl.c. By persuading a victim to open a specially-crafted content with malformed encoding, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219782](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219782>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25236](<https://vulners.com/cve/CVE-2022-25236>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by improper protection against insertion of namesep characters into namespace URIs in xmlparse.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219784>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25315](<https://vulners.com/cve/CVE-2022-25315>) \n** DESCRIPTION: **libexpat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in storeRawNames. By persuading a victim to open a specially-crafted file, an attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219945](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219945>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4083](<https://vulners.com/cve/CVE-2021-4083>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a read-after-free memory flaw in the garbage collection for Unix domain socket file handlers. By simultaneously calling close() and fget() functions to trigger a race condition, an attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216849](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216849>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** IBM X-Force ID: **230016 \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error related to some of the production servers spiking with CPU use. A remote attacker could exploit this vulnerability to consume CPU that remains high even without any traffic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/230016 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230016>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM QRadar SIEM| 7.3.0 - 7.3.3 Fix Pack 11 \nIBM QRadar SIEM| 7.4.0 - 7.4.3 Fix Pack 5 \nIBM QRadar SIEM| 7.5.0 - 7.5.0 Update Pack 1 \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\nAffected Product(s)| Versions| Fix \n---|---|--- \nIBM QRadar SIEM| 7.3| [7.3.3 Fix Pack 12](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20220708215012&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.3.3 Fix Pack 12\" ) \nIBM QRadar SIEM| 7.4| [7.4.3 Fix Pack 6](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.4.3-QRADAR-QRSIEM-20220531120920&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.4.3 Fix Pack 6\" ) \nIBM QRadar SIEM| 7.5| [7.5.0 Update Pack 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.5.0-QRADAR-QRSIEM-20220527130137&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.5.0 Update Pack 2\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-23T13:34:53", "type": "ibm", "title": "Security Bulletin: IBM QRadar SIEM includes components with multiple known vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429", "CVE-2021-3677", "CVE-2021-4083", "CVE-2021-43859", "CVE-2021-45960", "CVE-2021-46143", "CVE-2022-22720", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-22826", "CVE-2022-22827", "CVE-2022-23852", "CVE-2022-24407", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25315"], "modified": "2022-08-23T13:34:53", "id": "EAC404329213DF471FF757B7F009DD8A087FC2C57793182718799AB73514DB48", "href": "https://www.ibm.com/support/pages/node/6614725", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:39:51", "description": "## Question\n\nIs there a list of security bulletins that describe resolved vulnerabilities affecting Log Analysis?\n\n## Answer\n\nLog Analysis is made up of several [components](<https://www.ibm.com/docs/en/oala/1.3.7?topic=analysis-architecture>). The following table contains security bulletins that address the vulnerability of various\n\ncomponents in Log Analysis, listed by release.\n\nVersion | CVE No. | Component | Vulnerability Description \n---|---|---|--- \n1.3.7 IF001 | Internal Vulnerability | Log Analysis | CSRFToken is not validated or updated on logout and login \nThe CSRFToken is not validated or updated on each logout and login by Log Analysis. Token value remains the same for all the logins and active sessions until users close the browser. \n1.3.7 IF001 | Internal Vulnerability | Log Analysis | Log Analysis Help pages are vulnerable to Clickjacking \nX-frame-Option header was implemented for Log Analysis application. However this was not implemented for Log Analysis help pages to prevent Clickjacking. \n1.3.7 | CVE-2017-1000190 | Apache Solr | [Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2017-1000190)](<https://www.ibm.com/support/pages/node/6446147>) \n1.3.7 | CVE-2020-11620 \nCVE-2020-10969 \nCVE-2020-14062 \nCVE-2020-14060 \nCVE-2020-11112 \nCVE-2020-10968 \nCVE-2020-10672 \nCVE-2020-9548 \nCVE-2020-9546 \nCVE-2020-11619 \nCVE-2020-11111 \nCVE-2020-14195 \nCVE-2020-14061 \nCVE-2020-11113 \nCVE-2020-9547 \nCVE-2020-10673 \nCVE-2019-10202 \nCVE-2019-17531 \nCVE-2019-14893 \nCVE-2020-8840 \nCVE-2019-10172 | Apache Solr | [Security Bulletin: Series of vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis](<https://www.ibm.com/support/pages/node/6446143>) \n1.3.7 | CVE-2019-17558 | Apache Solr | [Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2019-17558)](<https://www.ibm.com/support/pages/node/6445363>) \n1.3.7 | CVE-2014-3643 | Apache Zookeeper | [Security Bulletin: Vulnerability in jersey affect Apache Zookeeper shipped with IBM Operations Analytics - Log Analysis (CVE-2014-3643)](<https://www.ibm.com/support/pages/node/6445361>) \n1.3.7 | CVE-2015-5237 | Apache Solr | [Security Bulletin: protobuf Vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis Analysis (CVE-2015-5237)](<https://www.ibm.com/support/pages/node/6445359>) \n1.3.7 | CVE-2019-10246 \nCVE-2019-10247 \nCVE-2019-10241 | Apache Solr | [Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Apache Solr shipped with IBM Operations Analytics - Log Analysis](<https://www.ibm.com/support/pages/node/6445357>) \n1.3.7 | CVE-2020-1945 | Apache Ant | [Security Bulletin: Vulnerability in Apache Ant affect IBM Operations Analytics - Log Analysis Analysis (CVE-2020-1945)](<https://www.ibm.com/support/pages/node/6445355>) \n1.3.7 | CVE-2019-17359 | Apache Solr | [Security Bulletin: Vulnerability in Bouncy Castle affect Apache Solr shipped IBM Operations Analytics - Log Analysis Analysis (CVE-2019-17359)](<https://www.ibm.com/support/pages/node/6444781>) \n1.3.7 | CVE-2019-12402 | Apache Solr | [Security Bulletin: Vulnerability in Apache Commons Compress affect Apache Solr shipped IBM Operations Analytics - Log Analysis Analysis (CVE-2019-12402)](<https://www.ibm.com/support/pages/node/6444777>) \n1.3.7 | CVE-2018-11766 \nCVE-2017-15713 | Apache Solr | [Security Bulletin: Multiple vulnerabilities in Apache Hadoop affect Apache Solr shipped with IBM Operations Analytics - Log Analysis](<https://www.ibm.com/support/pages/node/6444773>) \n1.3.7 | CVE-2019-0201 | Apache Zookeeper | [Security Bulletin: IBM Operations Analytics - Log Analysis is affected by an Apache Zookeeper vulnerability (CVE-2019-0201)](<https://www.ibm.com/support/pages/node/6444771>) \n1.3.7 | CVE-2018-11768 | Apache Solr | [Security Bulletin: Vulnerability in Apache Hadoop affect Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2018-11768)](<https://www.ibm.com/support/pages/node/6444767>) \n1.3.7 | CVE-2019-12415 | Apache Solr | [Security Bulletin: Apache Solr, shipped with IBM Operations Analytics - Log Analysis, susceptible to vulnerability in Apache POI (CVE-2019-12415)](<https://www.ibm.com/support/pages/node/6444763>) \n1.3.7 | CVE-2019-0228 | Apache Solr | [Security Bulletin: Vulnerability in Apache PDFBox affect Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2019-0228)](<https://www.ibm.com/support/pages/node/6444757>) \n \n1.3.7 | CVE-2018-1000613 \nCVE-2016-1000342 \nCVE-2016-1000344 \nCVE-2016-1000345 \nCVE-2016-1000339 \nCVE-2016-1000346 \nCVE-2016-1000338 \nCVE-2016-1000343 \nCVE-2016-1000340 \nCVE-2016-1000352 \nCVE-2015-6644 \nCVE-2016-1000341 \nCVE-2018-1000180 | Apache Solr | \n\n[Security Bulletin: Multiple vulnerabilities in Bouncy Castle affects Apache Solr shipped with IBM Operations Analytics - Log Analysis](<https://www.ibm.com/support/pages/node/6444097>) \n \n \n1.3.7 | CVE-2018-14718 \nCVE-2018-14719 \nCVE-2018-19362 \nCVE-2018-14721 \nCVE-2018-11307 \nCVE-2019-16335 \nCVE-2018-19361 \nCVE-2018-14720 \nCVE-2018-19360 \nCVE-2019-14540 \nCVE-2019-14379 \nCVE-2018-12023 \nCVE-2019-14439 \nCVE-2019-12814 \nCVE-2018-12022 \nCVE-2018-5968 \nCVE-2019-12384 \nCVE-2019-12086 | Apache Solr | \n\n[Security Bulletin: Multiple vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis](<https://www.ibm.com/support/pages/node/6444089>) \n \n \n1.3.7 | Internal Vulnerability | Apache Solr | Vulnerabilities from Apache Commons Fileupload: Apache Solr (Lucene) \nThe class FileUploadBase in Apache Commons Fileupload before 1.4 has potential resource leak - InputStream not closed on exception. \n1.3.7 | Internal Vulnerability | Apache Solr, \nLog Analysis | [Apache Solr (Lucene) and Unity are vulnerable to Apache commons-codec](<https://github.com/apache/commons-codec/commit/48b615756d1d770091ea3322eefc08011ee8b>) \n \n1.3.7 | CVE-2013-4002 \nCVE-2012-0881 \nCVE-2009-2625 | Apache Solr | [Security Bulletin: Apache Solr, shipped with IBM Operations Analytics - Log Analysis, susceptible to multiple vulnerabilities in Apache Xerces2](<https://www.ibm.com/support/pages/node/6444043>) \n1.3.7 | CVE-2018-10237 | Apache Solr | [Security Bulletin: A vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis Analysis (CVE-2018-10237)](<https://www.ibm.com/support/pages/node/6444041>) \n1.3.7 | CVE-2018-1000632 | Apache Solr | [Security Bulletin: dom4j Vulnerability in Apache Solr shipped with IBM Operations Analytics - Log Analysis Analysis (CVE-2018-1000632)](<https://www.ibm.com/support/pages/node/6444035>) \n1.3.7 | CVE-2018-11761 \nCVE-2018-17197 \nCVE-2019-10088 \nCVE-2019-10094 \nCVE-2018-11796 | Apache Solr | [Security Bulletin: Multiple vulnerabilities in Apache Tika affects Apache Solr shipped with IBM Operations Analytics - Log Analysis](<https://www.ibm.com/support/pages/node/6444033>) \n \n1.3.7 | CVE-2018-8017 | Apache Solr | [Security Bulletin: Vulnerability with Apache Tika in Apache Solr affects IBM Operations Analytics - Log Analysis Analysis (CVE-2018-8017)](<https://www.ibm.com/support/pages/node/6444031>) \n1.3.7 | CVE-2018-11797 | Apache Solr | [Security Bulletin: Vulnerability in Apache PDFBox affect Apache Solr shipped IBM Operations Analytics - Log Analysis Analysis (CVE-2018-11797)](<https://www.ibm.com/support/pages/node/6443675>) \n1.3.7 | CVE-2018-8036 | Apache Solr | [Security Bulletin: Vulnerability in Apache PDFBox affects Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2018-8036)](<https://www.ibm.com/support/pages/node/6443667>) \n1.3.6 FP001 | Internal Vulnerability | Log Analysis | [Security Bulletin: Content Spoofing vulnerability in IBM Operations Analytics - Log Analysis](<https://www.ibm.com/support/pages/node/6242186>) \n1.3.6 FP001 | Internal Vulnerability | Log Analysis | [Security Bulletin: Insecure Path Attribute in IBM Operations Analytics - Log Analysis (CSRFToken , LtpaToken2)](<https://www.ibm.com/support/pages/node/6242190>) \n1.3.6 FP001 | Internal Vulnerability | Log Analysis | [Security Bulletin: Cross site Scripting (Reflected) vulnerability in IBM Operations Analytics - Log Analysis](<https://www.ibm.com/support/pages/node/6242200>) \n1.3.6 FP001 | Internal Vulnerability | Log Analysis | [Security Bulletin: Host Header Injection vulnerability in IBM Operations Analytics - Log Analysis (pre-login scenario)](<https://www.ibm.com/support/pages/node/6242210>) \n1.3.6 FP001 | CVE-2017-3164 | Apache Solr | [Security Bulletin: Potential vulnerability (SSRF) in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2017-3164)](<https://www.ibm.com/support/pages/security-bulletin-potential-vulnerability-ssrf-apache-solr-affect-ibm-operations-analytics-log-analysis-cve-2017-3164-0>) \n1.3.6 IF001 | Internal Vulnerability | Log Analysis | [Security Bulletin: Query Parameter in SSL vulnerability in IBM Operations Analytics - Log Analysis](<https://www.ibm.com/support/pages/node/6324045>) \n1.3.6 | CVE-2019-4216 | WebSphere Application Server Liberty | [Security Bulletin: IBM Operations Analytics - Log Analysis is vulnerable to potential Host Header Injection (CVE-2019-4216)](<https://www.ibm.com/support/pages/node/1109745>) \n1.3.6 | CVE-2019-4243 | Apache Solr | [Security Bulletin: A vulnerability in Apache Solr (Lucene) affects IBM Operations Analytics - Log Analysis (CVE-2019-4243)](<https://www.ibm.com/support/pages/node/1109721>) \n1.3.6 | CVE-2019-4215 | WebSphere Application Server Liberty | [Security Bulletin: Clickjacking vulnerability in IBM Operations Analytics - Log Analysis (CVE-2019-4215)](<https://www.ibm.com/support/pages/node/1109769>) \n1.3.6 | CVE-2019-4214 | WebSphere Application Server Liberty | [Security Bulletin: Log Analysis is vulnerable to a client side scripting attack due to missing HTTPOnly and Secure attribute in the cookie](<https://www.ibm.com/support/pages/node/1110171>) \n1.3.6 | CVE-2019-4244 | Apache Zookeeper | [Security Bulletin: IBM Operations Analytics - Log Analysis is affected by an Apache Zookeeper vulnerability (CVE-2019-4244)](<https://www.ibm.com/support/pages/node/1127523>) \n \n1.3.6 | Internal Vulnerability | Log Analysis | [Security Bulletin: Log Analysis is vulnerable to Injection Attacks](<https://www.ibm.com/support/pages/node/6155553>) \n1.3.6 | CVE-2020-13957 | Apache Solr | [Security Bulletin: Vulnerability related to unauthenticated uploads in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2020-13957)](<https://www.ibm.com/support/pages/node/6359003>) \n \n1.3.5 FP003 | CVE-2019-0192 | Apache Solr | [Security Bulletin: Potential vulnerability related to Unsafe Deserialization in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2019-0192)](<https://www.ibm.com/support/pages/security-bulletin-potential-vulnerability-related-unsafe-deserialization-apache-solr-shipped-ibm-operations-analytics-log-analysis-cve-2019-0192>) \n \nThis table contains a list of vulnerabilities that were resolved by the respective version of the component.\n\nAffected Log Analysis Version | CVE No. | Component | Vulnerability Description \n---|---|---|--- \n1.3.5FP3 1.3.6 1.3.6FP1 | CVE-2020-4590 | WebSphere Application Server Liberty | [Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2020-4590)](<https://www.ibm.com/support/pages/node/6340079>) \n \n1.3.1\n\n1.3.2\n\n1.3.3\n\n1.3.4\n\n1.3.5\n\n| CVE-2019-4046 | WebSphere Application Server Liberty | [Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server affect IBM Operations Analytics - Log Analysis (CVE-2019-4046)](<https://www.ibm.com/support/pages/node/882870>) \n \n1.3.1\n\n1.3.2\n\n1.3.3\n\n1.3.4\n\n1.3.5FP1\n\n1.3.5FP2\n\n| CVE-2018-10237 | WebSphere Application Server Liberty | [Security Bulletin: Potential denial of service in WebSphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2018-10237)](<https://www.ibm.com/support/pages/security-bulletin-potential-denial-service-websphere-application-server-shipped-ibm-operations-analytics-log-analysis-cve-2018-10237?lnk=hm>) \n1.3.5 | CVE-2017-12624 | WebSphere Application Server Liberty | [Security Bulletin: Denial of Service in Apache CXF used by WebSphere Application Server affect IBM Operations Analytics - Log Analysis (CVE-2017-12624)](<https://www.ibm.com/support/pages/security-bulletin-denial-service-apache-cxf-used-websphere-application-server-affect-ibm-operations-analytics-log-analysis-cve-2017-12624>) \n \n1.3.1\n\n1.3.2\n\n1.3.3\n\n1.3.4\n\n1.3.5\n\n| CVE-2018-1447 \nCVE-2018-1388 \nCVE-2016-0702 \nCVE-2016-0705 \nCVE-2017-3732 \nCVE-2017-3736 \nCVE-2018-1428 \nCVE-2018-1427 \nCVE-2018-1426 | IBM Tivoli \nMonitoring | [Security Bulletin: Multiple vulnerabilities affect the GSKit component of IBM Tivoli Monitoring shipped with IBM Operations Analytics - Log Analysis](<https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-affect-gskit-component-ibm-tivoli-monitoring-shipped-ibm-operations-analytics-log-analysis>) \n1.3.5 | CVE-2018-1683 | WebSphere Application Server Liberty | [Security Bulletin: Information disclosure in WebSphere Application Server Liberty bundled with IBM Operations Analytics - Log Analysis (CVE-2018-1683)](<https://www.ibm.com/support/pages/security-bulletin-information-disclosure-websphere-application-server-liberty-bundled-ibm-operations-analytics-log-analysis-cve-2018-1683>) \n1.3.5 | CVE-2018-8039 | WebSphere Application Server Liberty | [Security Bulletin: Potential MITM attack in Apache CXF used by WebSphere Application Server affects IBM Operations Analytics - Log Analysis (CVE-2018-8039)](<https://www.ibm.com/support/pages/security-bulletin-potential-mitm-attack-apache-cxf-used-websphere-application-server-affects-ibm-operations-analytics-log-analysis-cve-2018-8039>) \n \n1.3.1\n\n1.3.2\n\n1.3.3\n\n1.3.4\n\n1.3.5\n\n| CVE-2018-1901 | WebSphere Application Server Liberty | [Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2018-1901)](<https://www.ibm.com/support/pages/security-bulletin-potential-privilege-escalation-vulnerability-websphere-application-server-shipped-ibm-operations-analytics-log-analysis-cve-2018-1901>) \n \n1.3.5 | CVE-2018-1553 | WebSphere Application Server Liberty | [Security Bulletin: Information disclosure in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2018-1553)](<https://www.ibm.com/support/pages/security-bulletin-information-disclosure-websphere-application-server-liberty-affect-ibm-operations-analytics-log-analysis-cve-2018-1553>) \n \n1.3.4\n\n1.3.5\n\n| CVE-2014-7810 | WebSphere Application Server Liberty | [Security Bulletin: Vulnerability in Expression Language library used by WebSphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2014-7810)](<https://www.ibm.com/support/pages/security-bulletin-vulnerability-expression-language-library-used-websphere-application-server-shipped-ibm-operations-analytics-log-analysis-cve-2014-7810>) \n1.3.5 | CVE-2018-1851 | WebSphere Application Server Liberty | [Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty affects IBM Operations Analytics - Log Analysis (CVE-2018-1851)](<https://www.ibm.com/support/pages/security-bulletin-code-execution-vulnerability-openid-connect-websphere-application-server-liberty-affects-ibm-operations-analytics-log-analysis-cve-2018-1851>) \n \n1.3.1\n\n1.3.2\n\n1.3.3\n\n1.3.4\n\n1.3.5\n\n| CVE-2018-1755 | WebSphere Application Server Liberty | [Security Bulletin: Information disclosure in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2018-1755)](<https://www.ibm.com/support/pages/node/792677>) \n \n[{\"Type\":\"MASTER\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSPFMY\",\"label\":\"IBM Operations Analytics - Log Analysis\"},\"ARM Category\":[{\"code\":\"a8m50000000L0qYAAS\",\"label\":\"Log Analysis\"},{\"code\":\"a8m50000000CcMiAAK\",\"label\":\"Log Analysis->Framework->Security - Vulnerabilities\"}],\"ARM Case Number\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\"}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2021-09-01T11:04:11", "type": "ibm", "title": "Log Analysis Security Bulletin List", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2625", "CVE-2012-0881", "CVE-2013-4002", "CVE-2014-3643", "CVE-2014-7810", "CVE-2015-5237", "CVE-2015-6644", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000340", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000344", "CVE-2016-1000345", "CVE-2016-1000346", "CVE-2016-1000352", "CVE-2017-1000190", "CVE-2017-12624", "CVE-2017-15713", "CVE-2017-3164", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000632", "CVE-2018-10237", "CVE-2018-11307", "CVE-2018-11761", "CVE-2018-11766", "CVE-2018-11768", "CVE-2018-11796", "CVE-2018-11797", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1388", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428", "CVE-2018-1447", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-1553", "CVE-2018-1683", "CVE-2018-17197", "CVE-2018-1755", "CVE-2018-1851", "CVE-2018-1901", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-5968", "CVE-2018-8017", "CVE-2018-8036", "CVE-2018-8039", "CVE-2019-0192", "CVE-2019-0201", "CVE-2019-0228", "CVE-2019-10088", "CVE-2019-10094", "CVE-2019-10172", "CVE-2019-10202", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14893", "CVE-2019-16335", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17558", "CVE-2019-4046", "CVE-2019-4214", "CVE-2019-4215", "CVE-2019-4216", "CVE-2019-4243", "CVE-2019-4244", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-13957", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-1945", "CVE-2020-4590", "CVE-2020-8840", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548"], "modified": "2021-09-01T11:04:11", "id": "E298AFAE6C10545EEFE2EDCB1E58ACEB81769C82FC173BB89206A046496B5501", "href": "https://www.ibm.com/support/pages/node/6483079", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T21:37:09", "description": "## Summary\n\nNetcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities, listed in the CVEs below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-26612](<https://vulners.com/cve/CVE-2022-26612>) \n** DESCRIPTION: **Apache Hadoop for Windows could allow a remote attacker to bypass security restrictions, caused by the use of an unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes by the unTar function. By following symbolic links, an attacker could exploit this vulnerability to write arbitrary files on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223688>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-29824](<https://vulners.com/cve/CVE-2022-29824>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by an integer overflows in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). By persuading a victim to open a specially-crafted XML file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-40528](<https://vulners.com/cve/CVE-2021-40528>) \n** DESCRIPTION: **GnuPG Libgcrypt could allow a remote attacker to bypass security restrictions, caused by a flaw in the ElGamal implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform a cross-configuration attack against OpenPGP. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-31176](<https://vulners.com/cve/CVE-2022-31176>) \n** DESCRIPTION: **Grafana Image Renderer could allow a remote authenticated attacker to obtain sensitive information, caused by an unauthorized file disclosure vulnerability. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to retrieve unauthorized files under some network conditions. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235284](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235284>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H) \n \n** CVEID: **[CVE-2022-1586](<https://vulners.com/cve/CVE-2022-1586>) \n** DESCRIPTION: **PCRE2 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the compile_xclass_matchingpath() function in the pcre2_jit_compile.c file. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226863](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226863>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-2526](<https://vulners.com/cve/CVE-2022-2526>) \n** DESCRIPTION: **systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and dns_stream_complete() function in \"resolved-dns-stream.c\" not incrementing the reference counting for the DnsStream object. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235161](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235161>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-24434](<https://vulners.com/cve/CVE-2022-24434>) \n** DESCRIPTION: **Node.js dicer module is vulnerable to a denial of service. By sending a specially-crafted form to server, a remote attacker could exploit this vulnerability to crash the node.js service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227085](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227085>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8912](<https://vulners.com/cve/CVE-2020-8912>) \n** DESCRIPTION: **Amazon AWS S3 Crypto SDK for GoLang could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the in-band key negotiation. By sending a specially-crafted request, an attacker could exploit this vulnerability to change the encryption algorithm of an object in the bucket or obtain the authentication key used by AES-GCM. \nCVSS Base score: 2.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186760](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186760>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-46708](<https://vulners.com/cve/CVE-2021-46708>) \n** DESCRIPTION: **npm swagger-ui-dist could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217359](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217359>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-31129](<https://vulners.com/cve/CVE-2022-31129>) \n** DESCRIPTION: **Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230690](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230690>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-35255](<https://vulners.com/cve/CVE-2022-35255>) \n** DESCRIPTION: **Node.js could provide weaker than expected security, caused by the failure to check the return value after calls are made to EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236965](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236965>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-35256](<https://vulners.com/cve/CVE-2022-35256>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-22476](<https://vulners.com/cve/CVE-2022-22476>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225604](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225604>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-34917](<https://vulners.com/cve/CVE-2022-34917>) \n** DESCRIPTION: **Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to allocate large amounts of memory on brokers, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236498](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236498>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29446](<https://vulners.com/cve/CVE-2021-29446>) \n** DESCRIPTION: **jose-node-cjs-runtime could allow a remote attacker to obtain sensitive information, caused by observable timing discrepancy in AES_CBC_HMAC_SHA2 Algorithm. By performing a padding oracle attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200209](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200209>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-37404](<https://vulners.com/cve/CVE-2021-37404>) \n** DESCRIPTION: **Apache Hadoop is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the libhdfs native code. By opening a specially-crafted file path, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/228636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-25168](<https://vulners.com/cve/CVE-2022-25168>) \n** DESCRIPTION: **Apache Hadoop could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper input file name validation by the FileUtil.unTar(File, File) API. By sending specially-crafted arguments, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232807](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232807>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-33987](<https://vulners.com/cve/CVE-2022-33987>) \n** DESCRIPTION: **Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform a redirect to a UNIX socket. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229246](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229246>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-29445](<https://vulners.com/cve/CVE-2021-29445>) \n** DESCRIPTION: **jose-node-esm-runtime could allow a remote attacker to obtain sensitive information, caused by observable timing discrepancy in AES_CBC_HMAC_SHA2 Algorithm. By performing a padding oracle attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200210](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200210>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2017-1000048](<https://vulners.com/cve/CVE-2017-1000048>) \n** DESCRIPTION: **Ljharb qs is vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-24329](<https://vulners.com/cve/CVE-2022-24329>) \n** DESCRIPTION: **JetBrains Kotlin could provide weaker than expected security, caused by failing to lock dependencies for Multiplatform Gradle Projects. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-15168](<https://vulners.com/cve/CVE-2020-15168>) \n** DESCRIPTION: **Node.js node-fetch module is vulnerable to a denial of service, caused by the failure to honor the size option after following a redirect. By using a specially-crafted file, a remote attacker could exploit this vulnerability to consume excessive resource on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188155](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188155>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29444](<https://vulners.com/cve/CVE-2021-29444>) \n** DESCRIPTION: **jose-browser-runtime could allow a remote attacker to obtain sensitive information, caused by observable timing discrepancy in AES_CBC_HMAC_SHA2 Algorithm. By performing a padding oracle attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200211](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200211>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-3737](<https://vulners.com/cve/CVE-2021-3737>) \n** DESCRIPTION: **Python is vulnerable to a denial of service, caused by improper handling of HTTP response in the HTTP client code. By persuading a victim to visit a specially-crafted web site, a remote attacker could exploit this vulnerability to cause the client script enter an infinite loop, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213407](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213407>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-4189](<https://vulners.com/cve/CVE-2021-4189>) \n** DESCRIPTION: **Python could allow a remote attacker to obtain sensitive information, caused by a flaw when using the FTP client library in PASV (passive) mode. By using a specially-crafted FTP server, an attacker could exploit this vulnerability to obtain service banner information from private network., and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227269](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227269>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-36944](<https://vulners.com/cve/CVE-2022-36944>) \n** DESCRIPTION: **Scala could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in LazyList. By sending specially-crafted request using gadget chain, an attacker could exploit this vulnerability to execute arbitrary code, erase contents of arbitrary files or make network connections. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9488](<https://vulners.com/cve/CVE-2020-9488>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180824](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180824>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-9493](<https://vulners.com/cve/CVE-2020-9493>) \n** DESCRIPTION: **Apache Chainsaw could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw when reading the log events. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203829>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2015-8861](<https://vulners.com/cve/CVE-2015-8861>) \n** DESCRIPTION: **Node.js handlebars module could allow a remote attacker to execute arbitrary code on the system, caused by the failure to use quotes around attributes in handlebar templates. An attacker could exploit this vulnerability to inject and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/112576](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112576>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-19919](<https://vulners.com/cve/CVE-2019-19919>) \n** DESCRIPTION: **Node.js handlebars could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By sending a specially crafted payload, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173388](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173388>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-20920](<https://vulners.com/cve/CVE-2019-20920>) \n** DESCRIPTION: **Node.js handlebars module could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of the templates by the lookup helper. By sending specially-crafted templates, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171569](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171569>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-20922](<https://vulners.com/cve/CVE-2019-20922>) \n** DESCRIPTION: **Node.js handlebars module is vulnerable to a denial of service, caused by an endless loop issue when handling templates. By sending specially-crafted templates, a remote attacker could exploit this vulnerability to exhaust available system resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170971](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170971>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-13956](<https://vulners.com/cve/CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-23369](<https://vulners.com/cve/CVE-2021-23369>) \n** DESCRIPTION: **Node.js handlebars module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when selecting certain compiling options to compile templates coming from an untrusted source.. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-23383](<https://vulners.com/cve/CVE-2021-23383>) \n** DESCRIPTION: **handlebars could allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution when selecting certain compiling options to compile templates coming from an untrusted source. By sending a a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201205](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201205>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-1320](<https://vulners.com/cve/CVE-2018-1320>) \n** DESCRIPTION: **Apache Thrift could allow a remote attacker to bypass security restrictions, caused by the disablement of an assert used to determine if the SASL handshake had successfully completed. An attacker could exploit this vulnerability to bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155199](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155199>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-0205](<https://vulners.com/cve/CVE-2019-0205>) \n** DESCRIPTION: **Apache Thrift is vulnerable to a denial of service, caused by an error when processing untrusted Thrift payload. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-28168](<https://vulners.com/cve/CVE-2021-28168>) \n** DESCRIPTION: **Eclipse Jersey could allow a local attacker to obtain sensitive information, caused by use of the File.createTempFile. An attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-44906](<https://vulners.com/cve/CVE-2021-44906>) \n** DESCRIPTION: **Node.js Minimist module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in setKey() function in the index.js script. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-22576](<https://vulners.com/cve/CVE-2022-22576>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security restrictions, caused by improper authentication validation when reuse OAUTH2-authenticated connections. By sending a specially-crafted request using user + \"other OAUTH2 bearer\", an attacker could exploit this vulnerability to bypass access authentication validation. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225291](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225291>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-27774](<https://vulners.com/cve/CVE-2022-27774>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the \"same host check\" feature during a cross protocol redirects. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225294](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225294>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-27776](<https://vulners.com/cve/CVE-2022-27776>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw when asked to send custom headers or cookies in its HTTP requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain authentication or cookie header data information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225296](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225296>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-27782](<https://vulners.com/cve/CVE-2022-27782>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security restrictions, caused by an easy connection reuse flaw for TLS and SSH. By sending a specially-crafted request using the connections in a connection pool, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226252](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226252>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-32206](<https://vulners.com/cve/CVE-2022-32206>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a flaw in the number of acceptable \"links\" in the \"chained\" HTTP compression algorithms. By persuading a victim to connect a specially-crafted server, a remote attacker could exploit this vulnerability to insert a virtually unlimited number of compression steps, and results in a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229740](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229740>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-32208](<https://vulners.com/cve/CVE-2022-32208>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw in the handling of message verification failures. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to inject data to the client.. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229742>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-17571](<https://vulners.com/cve/CVE-2019-17571>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3121](<https://vulners.com/cve/CVE-2021-3121>) \n** DESCRIPTION: **An unspecified error with the lack of certain index validation, aka the skippy peanut butter issue in GoGo Protobuf has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-35380](<https://vulners.com/cve/CVE-2020-35380>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service. By using a specially-crafted JSON, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193250](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193250>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-42836](<https://vulners.com/cve/CVE-2021-42836>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted JSON, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211919](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211919>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-42248](<https://vulners.com/cve/CVE-2021-42248>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service, caused by a flaw in the gjson.Get function. By sending a specially-crafted JSON input, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227236](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227236>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** IBM X-Force ID: **213969 \n** DESCRIPTION: **Node.js ioredis module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/213969 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213969>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L) \n \n** IBM X-Force ID: **237819 \n** DESCRIPTION: **Node.js moment-timezone module could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability in the grunt-zdownload.js, data-zdump.js, and data-zic.js scripts. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/237819 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237819>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** IBM X-Force ID: **220573 \n** DESCRIPTION: **FasterXML Woodstox could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations. By using a specially-crafted XML content, a remote attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220573 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220573>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** IBM X-Force ID: **177835 \n** DESCRIPTION: **Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker could exploit this vulnerability using a method call to obtain sensitive information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177835>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNetcool Operations Insight| 1.4.x \nNetcool Operations Insight| 1.5.x \nNetcool Operations Insight| 1.6.x \n \n\n\n## Remediation/Fixes\n\nAs per CVEs listed above \n\nIBM strongly suggests the following remediation / fixes:\n\nNetcool Operations Insight v1.6.7 can be deployed on-premises, on a supported cloud platform, or on a hybrid cloud and on-premises architecture. \n\nPlease go to [https://www.ibm.com/docs/en/noi/1.6.7?topic=installing](<https://www.ibm.com/docs/en/noi/1.6.4?topic=installing>) to follow the installation instructions relevant to your chosen architecture.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-15T09:13:44", "type": "ibm", "title": "Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8861", "CVE-2017-1000048", "CVE-2018-1320", "CVE-2019-0205", "CVE-2019-17571", "CVE-2019-19919", "CVE-2019-20920", "CVE-2019-20922", "CVE-2020-13956", "CVE-2020-15168", "CVE-2020-35380", "CVE-2020-8912", "CVE-2020-9488", "CVE-2020-9493", "CVE-2021-23369", "CVE-2021-23383", "CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28168", "CVE-2021-28169", "CVE-2021-29444", "CVE-2021-29445", "CVE-2021-29446", "CVE-2021-3121", "CVE-2021-34428", "CVE-2021-34429", "CVE-2021-3737", "CVE-2021-37404", "CVE-2021-40528", "CVE-2021-4104", "CVE-2021-4189", "CVE-2021-42248", "CVE-2021-42836", "CVE-2021-44832", "CVE-2021-44906", "CVE-2021-46708", "CVE-2022-1586", "CVE-2022-22476", "CVE-2022-22576", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307", "CVE-2022-24329", "CVE-2022-24434", "CVE-2022-25168", "CVE-2022-2526", "CVE-2022-26612", "CVE-2022-27774", "CVE-2022-27776", "CVE-2022-27782", "CVE-2022-29824", "CVE-2022-31129", "CVE-2022-31176", "CVE-2022-32206", "CVE-2022-32208", "CVE-2022-33987", "CVE-2022-34917", "CVE-2022-35255", "CVE-2022-35256", "CVE-2022-36944"], "modified": "2022-12-15T09:13:44", "id": "77A5CD46FD3C6940EFC34DE8C8AA831927106A12E0E3EAC862A5D46723F4092E", "href": "https://www.ibm.com/support/pages/node/6848225", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2022-03-26T18:51:45", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2661-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Sylvain Beucler\nMay 14, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : jetty9\nVersion : 9.2.30-0+deb9u1\nCVE ID : CVE-2017-9735 CVE-2018-12536 CVE-2019-10241 CVE-2019-10247 \n CVE-2020-27216\nDebian Bug : 864898 902774 928444\n\nSeveral vulnerabilities were discovered in jetty, a Java servlet\nengine and webserver. An attacker may reveal cryptographic credentials\nsuch as passwords to a local user, disclose installation paths, hijack\nuser sessions or tamper with collocated webapps.\n\nCVE-2017-9735\n\n Jetty is prone to a timing channel in util/security/Password.java,\n which makes it easier for remote attackers to obtain access by\n observing elapsed times before rejection of incorrect passwords.\n\nCVE-2018-12536\n\n On webapps deployed using default Error Handling, when an\n intentionally bad query arrives that doesn't match a dynamic\n url-pattern, and is eventually handled by the DefaultServlet's\n static file serving, the bad characters can trigger a\n java.nio.file.InvalidPathException which includes the full path to\n the base resource directory that the DefaultServlet and/or webapp\n is using. If this InvalidPathException is then handled by the\n default Error Handler, the InvalidPathException message is\n included in the error response, revealing the full server path to\n the requesting system.\n\nCVE-2019-10241\n\n The server is vulnerable to XSS conditions if a remote client USES\n a specially formatted URL against the DefaultServlet or\n ResourceHandler that is configured for showing a Listing of\n directory contents.\n\nCVE-2019-10247\n\n The server running on any OS and Jetty version combination will\n reveal the configured fully qualified directory base resource\n location on the output of the 404 error for not finding a Context\n that matches the requested path. The default server behavior on\n jetty-distribution and jetty-home will include at the end of the\n Handler tree a DefaultHandler, which is responsible for reporting\n this 404 error, it presents the various configured contexts as\n HTML for users to click through to. This produced HTML includes\n output that contains the configured fully qualified directory base\n resource location for each context.\n\nCVE-2020-27216\n\n On Unix like systems, the system's temporary directory is shared\n between all users on that system. A collocated user can observe\n the process of creating a temporary sub directory in the shared\n temporary directory and race to complete the creation of the\n temporary subdirectory. If the attacker wins the race then they\n will have read and write permission to the subdirectory used to\n unpack web applications, including their WEB-INF/lib jar files and\n JSP files. If any code is ever executed out of this temporary\n directory, this can lead to a local privilege escalation\n vulnerability.\n\nThis update also includes several other bug fixes and\nimprovements. For more information please refer to the upstream\nchangelog file.\n\nFor Debian 9 stretch, these problems have been fixed in version\n9.2.30-0+deb9u1.\n\nWe recommend that you upgrade your jetty9 packages.\n\nFor the detailed security status of jetty9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/jetty9\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-14T13:28:53", "type": "debian", "title": "[SECURITY] [DLA 2661-1] jetty9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9735", "CVE-2018-12536", "CVE-2019-10241", "CVE-2019-10247", "CVE-2020-27216"], "modified": "2021-05-14T13:28:53", "id": "DEBIAN:DLA-2661-1:5DE5A", "href": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2021-10-19T20:40:12", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.36. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:2498\n\nSecurity Fix(es):\n\n* jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\n* jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)\n\n* jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS (CVE-2020-27223)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-29T05:50:19", "type": "redhat", "title": "(RHSA-2021:2499) Moderate: OpenShift Container Platform 4.6.36 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216", "CVE-2020-27218", "CVE-2020-27223"], "modified": "2021-06-29T06:10:11", "id": "RHSA-2021:2499", "href": "https://access.redhat.com/errata/RHSA-2021:2499", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-19T20:40:21", "description": "Eclipse is an integrated development environment (IDE).\n\nThe rh-eclipse packages have been upgraded to version 4.17, which is based on the Eclipse Foundation's 2020-09 release train.\n\nFor instructions on how to use rh-eclipse, see Using Eclipse linked from the References section.\n\nSecurity Fix(es):\n\n* jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Changes chapter in the Using Eclipse guide linked from the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-23T08:51:52", "type": "redhat", "title": "(RHSA-2020:5168) Moderate: rh-eclipse security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2020-11-23T08:55:08", "id": "RHSA-2020:5168", "href": "https://access.redhat.com/errata/RHSA-2020:5168", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:39:43", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.5.41. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:2430\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2021-21642)\n\n* jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\n* jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)\n\n* jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS (CVE-2020-27223)\n\n* jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints. (CVE-2021-21643)\n\n* jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. (CVE-2021-21644)\n\n* jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints. (CVE-2021-21645)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Placeholder bug for OCP 4.5.41 rpm release (BZ#1972114)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-07-01T23:55:11", "type": "redhat", "title": "(RHSA-2021:2431) Important: OpenShift Container Platform 4.5.41 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216", "CVE-2020-27218", "CVE-2020-27223", "CVE-2021-21642", "CVE-2021-21643", "CVE-2021-21644", "CVE-2021-21645"], "modified": "2021-07-02T00:10:44", "id": "RHSA-2021:2431", "href": "https://access.redhat.com/errata/RHSA-2021:2431", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-19T20:41:00", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.462. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:2516\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2021-21642)\n\n* jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\n* jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)\n\n* jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS (CVE-2020-27223)\n\n* jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints. (CVE-2021-21643)\n\n* jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. (CVE-2021-21644)\n\n* jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints. (CVE-2021-21645)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-06-30T15:09:46", "type": "redhat", "title": "(RHSA-2021:2517) Important: OpenShift Container Platform 3.11.462 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216", "CVE-2020-27218", "CVE-2020-27223", "CVE-2021-21642", "CVE-2021-21643", "CVE-2021-21644", "CVE-2021-21645"], "modified": "2021-06-30T15:28:57", "id": "RHSA-2021:2517", "href": "https://access.redhat.com/errata/RHSA-2021:2517", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-19T20:38:48", "description": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.4.6 serves as a replacement for Red Hat AMQ Broker 7.4.5, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\n* jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-02T07:32:06", "type": "redhat", "title": "(RHSA-2021:0329) Moderate: Red Hat AMQ Broker 7.4.6 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216", "CVE-2020-27218"], "modified": "2021-02-02T07:33:14", "id": "RHSA-2021:0329", "href": "https://access.redhat.com/errata/RHSA-2021:0329", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-11-26T18:37:28", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.0. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2021:3759\n\nSecurity Fix(es):\n\n* jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\n* openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action (CVE-2021-36980)\n\n* jetty: SessionListener can prevent a session from being invalidated breaking logout (CVE-2021-34428)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-10-18T16:34:07", "type": "redhat", "title": "(RHSA-2021:3758) Moderate: OpenShift Container Platform 4.9.0 packages and security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28169", "CVE-2021-33196", "CVE-2021-34428", "CVE-2021-36980", "CVE-2021-3917"], "modified": "2021-11-10T23:54:55", "id": "RHSA-2021:3758", "href": "https://access.redhat.com/errata/RHSA-2021:3758", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:36:43", "description": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.6.0 serves as a replacement for Red Hat AMQ Broker 7.5.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* netty: HTTP request smuggling (CVE-2019-20444)\n\n* netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header (CVE-2019-20445)\n\n* jetty: HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n* jetty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* jetty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* jetty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* jetty: HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* jetty: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n* jetty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions (CVE-2019-10241)\n\n* jetty: error path information disclosure (CVE-2019-10247)\n\n* mqtt-client: activemq: Corrupt MQTT frame can cause broker shutdown (CVE-2019-0222)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2020-03-23T08:05:45", "type": "redhat", "title": "(RHSA-2020:0922) Important: Red Hat AMQ Broker 7.6 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0222", "CVE-2019-10241", "CVE-2019-10247", "CVE-2019-16869", "CVE-2019-20444", "CVE-2019-20445", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518", "CVE-2020-7238"], "modified": "2020-03-23T08:11:28", "id": "RHSA-2020:0922", "href": "https://access.redhat.com/errata/RHSA-2020:0922", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-19T20:36:28", "description": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.4.3 serves as a replacement for Red Hat AMQ Broker 7.4.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* jetty: HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n* jetty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* jetty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* jetty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* jetty: HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* jetty: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n* jetty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)\n\n* netty: HTTP request smuggling (CVE-2019-20444)\n\n* netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header (CVE-2019-20445)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)\n\n* mqtt-client: activemq: Corrupt MQTT frame can cause broker shutdown (CVE-2019-0222)\n\n* jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions (CVE-2019-10241)\n\n* jetty: error path information disclosure (CVE-2019-10247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2020-04-14T12:57:06", "type": "redhat", "title": "(RHSA-2020:1445) Important: Red Hat AMQ Broker 7.4.3 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0222", "CVE-2019-10241", "CVE-2019-10247", "CVE-2019-16869", "CVE-2019-20444", "CVE-2019-20445", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518", "CVE-2020-7238"], "modified": "2020-04-14T12:57:30", "id": "RHSA-2020:1445", "href": "https://access.redhat.com/errata/RHSA-2020:1445", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-22T18:39:32", "description": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red Hat AMQ Broker 7.8.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\n* jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS (CVE-2020-27223)\n\n* resteasy-jaxrs: resteasy: Error message exposes endpoint class information (CVE-2021-20289)\n\n* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)\n\n* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* jetty-server: jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)\n\n* jetty-server: jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)\n\n* jetty-server: jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)\n\n* jetty-server: jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169)\n\n* commons-io: apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)\n\n* broker: Red Hat AMQ Broker: discloses JDBC username and password in the application log file (CVE-2021-3425)\n\n* jetty-server: jetty: SessionListener can prevent a session from being invalidated breaking logout (CVE-2021-34428)\n\n* jetty-server: jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429)\n\n* broker: AMQ Broker 7: Incorrect privilege in Management Console (CVE-2021-3763)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-09-30T09:53:41", "type": "redhat", "title": "(RHSA-2021:3700) Moderate: Red Hat AMQ Broker 7.9.0 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13956", "CVE-2020-27223", "CVE-2021-20289", "CVE-2021-21290", "CVE-2021-21295", "CVE-2021-21409", "CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-29425", "CVE-2021-3425", "CVE-2021-34428", "CVE-2021-34429", "CVE-2021-3763"], "modified": "2021-09-30T09:54:25", "id": "RHSA-2021:3700", "href": "https://access.redhat.com/errata/RHSA-2021:3700", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-19T20:37:45", "description": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.8.0 serves as a replacement for Red Hat AMQ Broker 7.7.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* hawtio: server side request forgery via initial /proxy/ substring of a URI (CVE-2019-9827)\n\n* mqtt-client: activemq: remote XSS in web console diagram plugin (CVE-2020-13932)\n\n* jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)\n\n* Hawtio: HTTPOnly and Secure attributes not set on cookies (CVE-2015-5183)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-12-08T08:51:34", "type": "redhat", "title": "(RHSA-2020:5365) Moderate: Red Hat AMQ Broker 7.8 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5183", "CVE-2019-9827", "CVE-2020-13932", "CVE-2020-27216", "CVE-2021-26117", "CVE-2021-26118"], "modified": "2021-02-11T15:33:32", "id": "RHSA-2020:5365", "href": "https://access.redhat.com/errata/RHSA-2020:5365", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:48", "description": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.8.2 serves as a replacement for Red Hat AMQ Broker 7.8.1, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS (CVE-2020-27223)\n\n* Red Hat AMQ Broker: discloses JDBC username and password in the application log file (CVE-2021-3425)\n\n* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)\n\n* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)\n\n* jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)\n\n* jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-07-12T12:07:41", "type": "redhat", "title": "(RHSA-2021:2689) Moderate: Red Hat AMQ Broker 7.8.2 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223", "CVE-2021-21290", "CVE-2021-21295", "CVE-2021-21409", "CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-3425"], "modified": "2021-07-12T12:09:00", "id": "RHSA-2021:2689", "href": "https://access.redhat.com/errata/RHSA-2021:2689", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-19T20:38:20", "description": "This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* golang: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* undertow: HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* golang: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* undertow: HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* undertow: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n* undertow: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)\n\n* spring-security-core: mishandling of user passwords allows logging in with a password of NULL (CVE-2019-11272)\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\n* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)\n\n* xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)\n\n* js-jquery: XSS in responses from cross-origin ajax requests (CVE-2017-16012)\n\n* apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip (CVE-2018-11771)\n\n* spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher (CVE-2019-3802)\n\n* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\n* shiro: Cookie padding oracle vulnerability with default configuration (CVE-2019-12422)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. (CVE-2019-12814)\n\n* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)\n\n* springframework: DoS Attack via Range Requests (CVE-2018-15756)\n\n* c3p0: loading XML configuration leads to denial of service (CVE-2019-5427)\n\n* undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-26T15:40:22", "type": "redhat", "title": "(RHSA-2020:0983) Important: Red Hat Fuse 7.6.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9251", "CVE-2017-16012", "CVE-2017-5929", "CVE-2018-11771", "CVE-2018-12536", "CVE-2018-15756", "CVE-2019-10174", "CVE-2019-10184", "CVE-2019-10241", "CVE-2019-10247", "CVE-2019-11272", "CVE-2019-12384", "CVE-2019-12422", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-17570", "CVE-2019-3802", "CVE-2019-3888", "CVE-2019-5427", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2021-01-13T11:11:03", "id": "RHSA-2020:0983", "href": "https://access.redhat.com/errata/RHSA-2020:0983", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-15T20:13:17", "description": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.8.0 serves as a replacement for Red Hat AMQ Streams 1.7.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640)\n\n* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)\n\n* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* json-smart: uncaught exception may lead to crash or information disclosure (CVE-2021-27568)\n\n* jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)\n\n* jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)\n\n* jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)\n\n* jersey: Local information disclosure via system temporary directory (CVE-2021-28168)\n\n* jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169)\n\n* apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)\n\n* jetty: SessionListener can prevent a session from being invalidated breaking logout (CVE-2021-34428)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-19T07:14:27", "type": "redhat", "title": "(RHSA-2021:3225) Moderate: Red Hat AMQ Streams 1.8.0 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18640", "CVE-2021-21290", "CVE-2021-21295", "CVE-2021-21409", "CVE-2021-27568", "CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28168", "CVE-2021-28169", "CVE-2021-29425", "CVE-2021-34428"], "modified": "2021-08-19T07:14:47", "id": "RHSA-2021:3225", "href": "https://access.redhat.com/errata/RHSA-2021:3225", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-09-09T08:01:35", "description": "A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section.\n\nSecurity Fix(es):\n\n* hadoop: WebHDFS client might send SPNEGO authorization header (CVE-2020-9492)\n\n* jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS (CVE-2020-27223)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* mysql-connector-java: unauthorized access to critical (CVE-2021-2471)\n\n* lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)\n\n* elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure (CVE-2021-22132)\n\n* jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)\n\n* jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)\n\n* jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)\n\n* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)\n\n* Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)\n\n* xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)\n\n* resteasy: Error message exposes endpoint class information (CVE-2021-20289)\n\n* elasticsearch: Document disclosure flaw when Document or Field Level Security is used (CVE-2021-22137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-09T07:10:55", "type": "redhat", "title": "(RHSA-2022:6407) Moderate: Red Hat Integration Camel-K 1.8 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.9, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223", "CVE-2020-36518", "CVE-2020-9492", "CVE-2021-20289", "CVE-2021-22132", "CVE-2021-22137", "CVE-2021-2471", "CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-3520", "CVE-2021-3629", "CVE-2021-37714", "CVE-2021-38153", "CVE-2021-40690"], "modified": "2022-09-09T07:11:03", "id": "RHSA-2022:6407", "href": "https://access.redhat.com/errata/RHSA-2022:6407", "cvss": {"score": 7.9, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2021-11-22T18:38:31", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.9.0. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2021:3758\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation (CVE-2021-26539)\n\n* sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element (CVE-2021-26540)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string (CVE-2021-29059)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\n* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-x86_64\n\nThe image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-s390x\n\nThe image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-ppc64le\n\nThe image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61\n\nAll OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-10-18T17:16:43", "type": "redhat", "title": "(RHSA-2021:3759) Moderate: OpenShift Container Platform 4.9.0 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26539", "CVE-2021-26540", "CVE-2021-28092", "CVE-2021-28169", "CVE-2021-29059", "CVE-2021-3121", "CVE-2021-31525", "CVE-2021-32690", "CVE-2021-33194", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-34428", "CVE-2021-34558", "CVE-2021-36980"], "modified": "2021-10-18T17:18:42", "id": "RHSA-2021:3759", "href": "https://access.redhat.com/errata/RHSA-2021:3759", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-23T10:39:50", "description": "This release of Red Hat Integration - Camel Extensions for Quarkus - 2.2 GA serves as a replacement for tech-preview 2, and includes bug fixes and\nenhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jetty (CVE-2021-28163, CVE-2020-27218, CVE-2020-27223, CVE-2021-28164, CVE-2021-28169, CVE-2021-28165, CVE-2021-34428, CVE-2021-34428)\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)\n\n* xstream (CVE-2021-39144, CVE-2021-39141, CVE-2021-39154, CVE-2021-39153, CVE-2021-39152, CVE-2021-39151, CVE-2021-39150, CVE-2021-39149, CVE-2021-39148, CVE-2021-39147, CVE-2021-39146, CVE-2021-39145, CVE-2021-39140, CVE-2021-39139, CVE-2021-21351, CVE-2021-21350, CVE-2021-21349, CVE-2021-21348, CVE-2021-21347, CVE-2021-21346, CVE-2021-21345, CVE-2021-21344, CVE-2021-21343, CVE-2021-21342, CVE-2021-21341, CVE-2021-29505, CVE-2020-26259, CVE-2020-26258, CVE-2020-26217) \n\n* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)\n\n* RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326)\n\n* resteasy-core: resteasy: Error message exposes endpoint class information (CVE-2021-20289)\n\n* velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)\n\n* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)\n\n* mongodb-driver: mongo-java-driver: client-side field level encryption not verifying KMS host name (CVE-2021-20328)\n\n* gradle: information disclosure through temporary directory permissions (CVE-2021-29429)\n\n* json-smart: uncaught exception may lead to crash or information disclosure (CVE-2021-27568)\n\n* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)\n\n* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.9, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-11-23T10:29:48", "type": "redhat", "title": "(RHSA-2021:4767) Moderate: Red Hat Integration Camel Extensions for Quarkus GA security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13936", "CVE-2020-14326", "CVE-2020-26217", "CVE-2020-26258", "CVE-2020-26259", "CVE-2020-27218", "CVE-2020-27223", "CVE-2020-28052", "CVE-2020-28491", "CVE-2021-20289", "CVE-2021-20328", "CVE-2021-21341", "CVE-2021-21342", "CVE-2021-21343", "CVE-2021-21344", "CVE-2021-21345", "CVE-2021-21346", "CVE-2021-21347", "CVE-2021-21348", "CVE-2021-21349", "CVE-2021-21350", "CVE-2021-21351", "CVE-2021-27568", "CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-29429", "CVE-2021-29505", "CVE-2021-34428", "CVE-2021-3629", "CVE-2021-3642", "CVE-2021-3690", "CVE-2021-39139", "CVE-2021-39140", "CVE-2021-39141", "CVE-2021-39144", "CVE-2021-39145", "CVE-2021-39146", "CVE-2021-39147", "CVE-2021-39148", "CVE-2021-39149", "CVE-2021-39150", "CVE-2021-39151", "CVE-2021-39152", "CVE-2021-39153", "CVE-2021-39154"], "modified": "2021-11-23T10:30:59", "id": "RHSA-2021:4767", "href": "https://access.redhat.com/errata/RHSA-2021:4767", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-14T22:39:33", "description": "This release of Red Hat Fuse 7.10.0 serves as a replacement for Red Hat Fuse 7.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* log4j-core (CVE-2020-9488, CVE-2021-44228)\n\n* nodejs-lodash (CVE-2019-10744)\n\n* libthrift (CVE-2020-13949)\n\n* xstream (CVE-2020-26217, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351)\n\n* undertow (CVE-2020-27782, CVE-2021-3597, CVE-2021-3629, CVE-2021-3690)\n\n* xmlbeans (CVE-2021-23926)\n\n* batik (CVE-2020-11987)\n\n* xmlgraphics-commons (CVE-2020-11988)\n\n* tomcat (CVE-2020-13943)\n\n* bouncycastle (CVE-2020-15522, CVE-2020-15522)\n\n* groovy (CVE-2020-17521)\n\n* tomcat (CVE-2020-17527)\n\n* jetty (CVE-2020-27218, CVE-2020-27223, CVE-2021-28163, CVE-2021-28164, CVE-2021-28169, CVE-2021-34428)\n\n* jackson-dataformat-cbor (CVE-2020-28491)\n\n* jboss-remoting (CVE-2020-35510)\n\n* kubernetes-client (CVE-2021-20218)\n\n* netty (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409)\n\n* spring-web (CVE-2021-22118)\n\n* cxf-core (CVE-2021-22696)\n\n* json-smart (CVE-2021-27568)\n\n* jakarta.el (CVE-2021-28170)\n\n* commons-io (CVE-2021-29425)\n\n* sshd-core (CVE-2021-30129)\n\n* cxf-rt-rs-json-basic (CVE-2021-30468)\n\n* netty-codec (CVE-2021-37136, CVE-2021-37137)\n\n* jsoup (CVE-2021-37714)\n\n* poi (CVE-2019-12415)\n\n* mysql-connector-java (CVE-2020-2875, CVE-2020-2934)\n\n* wildfly (CVE-2021-3536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-12-14T21:27:54", "type": "redhat", "title": "(RHSA-2021:5134) Critical: Red Hat Fuse 7.10.0 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10744", "CVE-2019-12415", "CVE-2020-11987", "CVE-2020-11988", "CVE-2020-13943", "CVE-2020-13949", "CVE-2020-15522", "CVE-2020-17521", "CVE-2020-17527", "CVE-2020-26217", "CVE-2020-26259", "CVE-2020-27218", "CVE-2020-27223", "CVE-2020-27782", "CVE-2020-28491", "CVE-2020-2875", "CVE-2020-2934", "CVE-2020-35510", "CVE-2020-9488", "CVE-2021-20218", "CVE-2021-21290", "CVE-2021-21295", "CVE-2021-21341", "CVE-2021-21342", "CVE-2021-21343", "CVE-2021-21344", "CVE-2021-21345", "CVE-2021-21346", "CVE-2021-21347", "CVE-2021-21348", "CVE-2021-21349", "CVE-2021-21350", "CVE-2021-21351", "CVE-2021-21409", "CVE-2021-22118", "CVE-2021-22696", "CVE-2021-23926", "CVE-2021-27568", "CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28169", "CVE-2021-28170", "CVE-2021-29425", "CVE-2021-30129", "CVE-2021-30468", "CVE-2021-34428", "CVE-2021-3536", "CVE-2021-3597", "CVE-2021-3629", "CVE-2021-3690", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-37714", "CVE-2021-44228"], "modified": "2021-12-14T21:28:27", "id": "RHSA-2021:5134", "href": "https://access.redhat.com/errata/RHSA-2021:5134", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-31T19:30:00", "description": "This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hawtio-osgi (CVE-2017-5645)\n\n* prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)\n\n* apache-commons-compress (CVE-2019-12402)\n\n* karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445)\n\n* tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996)\n\n* spring-cloud-config-server (CVE-2020-5410)\n\n* velocity (CVE-2020-13936)\n\n* httpclient: apache-httpclient (CVE-2020-13956)\n\n* shiro-core: shiro (CVE-2020-17510)\n\n* hibernate-core (CVE-2020-25638)\n\n* wildfly-openssl (CVE-2020-25644)\n\n* jetty (CVE-2020-27216, CVE-2021-28165)\n\n* bouncycastle (CVE-2020-28052)\n\n* wildfly (CVE-2019-14887, CVE-2020-25640)\n\n* resteasy-jaxrs: resteasy (CVE-2020-1695)\n\n* camel-olingo4 (CVE-2020-1925)\n\n* springframework (CVE-2020-5421)\n\n* jsf-impl: Mojarra (CVE-2020-6950)\n\n* resteasy (CVE-2020-10688)\n\n* hibernate-validator (CVE-2020-10693)\n\n* wildfly-elytron (CVE-2020-10714)\n\n* undertow (CVE-2020-10719)\n\n* activemq (CVE-2020-13920)\n\n* cxf-core: cxf (CVE-2020-13954)\n\n* fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)\n\n* jboss-ejb-client: wildfly (CVE-2020-14297)\n\n* xercesimpl: wildfly (CVE-2020-14338)\n\n* xnio (CVE-2020-14340)\n\n* flink: apache-flink (CVE-2020-17518)\n\n* resteasy-client (CVE-2020-25633)\n\n* xstream (CVE-2020-26258)\n\n* mybatis (CVE-2020-26945)\n\n* pdfbox (CVE-2021-27807, CVE-2021-27906)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-11T18:18:10", "type": "redhat", "title": "(RHSA-2021:3140) Moderate: Red Hat Fuse 7.9.0 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18640", "CVE-2017-5645", "CVE-2019-12402", "CVE-2019-14887", "CVE-2019-16869", "CVE-2019-20445", "CVE-2020-10688", "CVE-2020-10693", "CVE-2020-10714", "CVE-2020-10719", "CVE-2020-11996", "CVE-2020-13920", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-13936", "CVE-2020-13954", "CVE-2020-13956", "CVE-2020-14040", "CVE-2020-14297", "CVE-2020-14338", "CVE-2020-14340", "CVE-2020-1695", "CVE-2020-17510", "CVE-2020-17518", "CVE-2020-1925", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-25633", "CVE-2020-25638", "CVE-2020-25640", "CVE-2020-25644", "CVE-2020-26258", "CVE-2020-26945", "CVE-2020-27216", "CVE-2020-28052", "CVE-2020-5410", "CVE-2020-5421", "CVE-2020-6950", "CVE-2020-9484", "CVE-2021-27568", "CVE-2021-27807", "CVE-2021-27906", "CVE-2021-28165"], "modified": "2021-11-11T09:25:09", "id": "RHSA-2021:3140", "href": "https://access.redhat.com/errata/RHSA-2021:3140", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2023-03-08T20:23:42", "description": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-05-03T10:22:41", "type": "redhatcve", "title": "CVE-2019-10241", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10241"], "modified": "2023-03-08T18:01:22", "id": "RH:CVE-2019-10241", "href": "https://access.redhat.com/security/cve/cve-2019-10241", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-08T20:23:47", "description": "In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2019-05-03T12:04:35", "type": "redhatcve", "title": "CVE-2019-10247", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10247"], "modified": "2023-03-08T18:01:20", "id": "RH:CVE-2019-10247", "href": "https://access.redhat.com/security/cve/cve-2019-10247", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-08T23:20:30", "description": "A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being invalidated and a shared-computer application being left logged in. The highest threat from this vulnerability is to data confidentiality and integrity.\n#### Mitigation\n\nApplications should catch all Throwables within their SessionListener#sessionDestroyed() implementations. \n\n", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2021-06-22T18:16:39", "type": "redhatcve", "title": "CVE-2021-34428", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34428"], "modified": "2023-03-08T20:27:04", "id": "RH:CVE-2021-34428", "href": "https://access.redhat.com/security/cve/cve-2021-34428", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-11T08:25:21", "description": "In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.\n#### Mitigation\n\nJetty users should create temp folders outside the normal /tmp structure, and ensure that their permissions are set so as not to be accessible by an attacker. \n\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-23T21:03:44", "type": "redhatcve", "title": "CVE-2020-27216", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2023-03-11T07:36:33", "id": "RH:CVE-2020-27216", "href": "https://access.redhat.com/security/cve/cve-2020-27216", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-18T08:13:05", "description": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-03-02T15:02:57", "type": "redhatcve", "title": "CVE-2020-27223", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2023-03-18T08:09:29", "id": "RH:CVE-2020-27223", "href": "https://access.redhat.com/security/cve/cve-2020-27223", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2023-02-08T16:52:05", "description": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. ([CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>))\n\nImpact\n\nA remote attacker may be able to exploit this vulnerability leading to disclosure of sensitive information or modification of data.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-12-14T19:41:00", "type": "f5", "title": "Eclipse Jetty vulnerability CVE-2019-10241", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10241"], "modified": "2021-08-16T21:22:00", "id": "F5:K01869532", "href": "https://support.f5.com/csp/article/K01869532", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-08T16:52:01", "description": "In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. ([CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>))\n\nImpact\n\nAccess to restricted information is obtained when base resource locations are revealed in the output of the 404 error.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-12-01T20:46:00", "type": "f5", "title": "Jetty vulnerability CVE-2019-10247", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10247"], "modified": "2021-08-16T21:39:00", "id": "F5:K41412302", "href": "https://support.f5.com/csp/article/K41412302", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-08T16:12:28", "description": "For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. ([CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>))\n\nImpact\n\nFor deployments with clustered sessions and multiple contexts, a session may not be invalidated. As a result, an application used on a shared computer may remain logged in.\n", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2022-04-26T21:26:00", "type": "f5", "title": "Eclipse Jetty vulnerability CVE-2021-34428", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34428"], "modified": "2022-04-26T21:26:00", "id": "F5:K51975973", "href": "https://support.f5.com/csp/article/K51975973", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-08T16:07:35", "description": "In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. ([CVE-2020-27216](<https://vulners.com/cve/CVE-2020-27216>)) \n\nImpact\n\nA successful exploit could allow an authenticated user to cause a local privilege escalation vulnerability.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-18T17:09:00", "type": "f5", "title": "Eclipse Jetty vulnerability CVE-2020-27216", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27216"], "modified": "2022-05-18T17:19:00", "id": "F5:K18484125", "href": "https://support.f5.com/csp/article/K18484125", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "symantec": [{"lastseen": "2021-06-08T18:53:58", "description": "### Description\n\nEclipse Jetty is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n\n### Technologies Affected\n\n * Eclipse Jetty 9.2.26 \n * Eclipse Jetty 9.3.25 \n * Eclipse Jetty 9.4.15 \n * IBM Network Performance Insight 1.3.0.0 \n * NetApp Element Software \n * NetApp Element Software Management Node \n * NetApp HCI Storage Nodes \n * NetApp Snap Creator Framework \n * NetApp SnapCenter \n * NetApp SnapManager for Oracle \n * NetApp SnapManager for SAP \n * NetApp Storage Replication Adapter for Clustered Data ONTAP for VMware 7.2 \n * NetApp VASA Provider for Clustered Data ONTAP 7.2 \n * NetApp Virtual Storage Console for VMware vSphere 7.2 \n * Oracle Retail Xstore Point of Service 15.0 \n * Oracle Retail Xstore Point of Service 16.0 \n * Oracle Retail Xstore Point of Service 17.0 \n * Oracle Retail Xstore Point of Service 7.1 \n * Redhat Enterprise Linux 7 \n * Redhat Software Collections for RHEL \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity which may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to websites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users. \n\n**Set web browser security to disable the execution of JavaScript.** \nSince exploiting cross-site scripting issues often requires malicious script code to run in browsers, consider disabling script code and active content support within a client browser as a way to prevent a successful exploit. Note that this mitigation tactic might adversely affect legitimate sites that rely on the execution of browser-based script code.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the impact of latent vulnerabilities, configure servers and other applications to run as a nonadministrative user with minimal access rights.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2019-04-04T00:00:00", "type": "symantec", "title": "Eclipse Jetty CVE-2019-10241 Cross Site Scripting Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-10241"], "modified": "2019-04-04T00:00:00", "id": "SMNTC-110519", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110519", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-08T18:53:58", "description": "### Description\n\nEclipse Jetty is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Eclipse Jetty version 7.x, 8.x, 9.2.27 and prior, 9.3.26 and prior, and 9.4.16 and prior are vulnerable.\n\n### Technologies Affected\n\n * Eclipse Jetty 7.0 \n * Eclipse Jetty 8.0 \n * Eclipse Jetty 9.2.27 \n * Eclipse Jetty 9.2.27.v20190403 \n * Eclipse Jetty 9.3.26 \n * Eclipse Jetty 9.3.26.v20190403 \n * Eclipse Jetty 9.4.12 \n * Eclipse Jetty 9.4.16 \n * IBM Network Performance Insight 1.3.0.0 \n * NetApp Element Software \n * NetApp Element Software Management Node \n * NetApp HCI Storage Nodes \n * NetApp Snap Creator Framework \n * NetApp SnapCenter \n * NetApp SnapManager for Oracle \n * NetApp SnapManager for SAP \n * NetApp Storage Replication Adapter for Clustered Data ONTAP for VMware 7.2 \n * NetApp VASA Provider for Clustered Data ONTAP 7.2 \n * NetApp Virtual Storage Console for VMware vSphere 7.2 \n * Oracle Enterprise Manager Base Platform 13.2 \n * Oracle Enterprise Manager Base Platform 13.3 \n * Oracle Hospitality Guest Access 4.2.0 \n * Oracle Hospitality Guest Access 4.2.1 \n * Oracle Retail Xstore Point of Service 15.0 \n * Oracle Retail Xstore Point of Service 16.0 \n * Oracle Retail Xstore Point o

[SECURITY] [DSA 4949-1] jetty9 security update

Description

Affected Package

Related