Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1388B6D0BD264D34EDA71FC9627C01ABB05C2AFCFFC98337BE436B5C07DB32E6
HistoryJul 25, 2023 - 1:47 p.m.

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to denial of service due to [CVE-2021-27212]

2023-07-2513:47:30
www.ibm.com
11

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.243 Low

EPSS

Percentile

96.5%

JSON

Summary

OpenLDAP is present in the IBM App Connect Enterprise Certified Container Dashboard operand image. OpenLDAP is vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in OpenLDAP. [CVE-2021-27212]

Vulnerability Details

CVEID:CVE-2021-27212
**DESCRIPTION:**OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in slapd within the issuerAndThisUpdateCheck function. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a daemon exit.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196992 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
App Connect Enterprise Certified Container 6.2

Remediation/Fixes

IBM strongly suggests the following:
App Connect Enterprise Certified Container 6.2.x (Continuous Delivery)

Upgrade to App Connect Enterprise Certified Container Operator version 7.0.0 or higher, and ensure that all Dashboard components are at 12.0.7.0-r2 or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect/containers_cd?topic=releases-upgrading-operator&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm app connect enterpriseeq6.2

Related

nessus 26
cloudlinux 2
openvas 23
redhatcve 1
debian 3
osv 5
alpinelinux 1
debiancve 1
cbl_mariner 2
photon 8
veracode 1
cve 1
ubuntu 1
prion 1
ubuntucve 2
suse 1
amazon 2
redos 1
mageia 1
rosalinux 1
ibm 1
ics 1
nessus
nessus
EulerOS 2.0 SP9 : openldap (EulerOS-SA-2021-1954)
2021-06-03 00:00:00
EulerOS 2.0 SP9 : openldap (EulerOS-SA-2021-1933)
2021-06-03 00:00:00
Debian DSA-4860-1 : openldap - security update
2021-02-23 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-27212
2021-11-24 16:11:43
Fix of CVE: CVE-2021-27212
2021-12-06 15:15:48
openvas
openvas
Debian: Security Advisory (DSA-4860-1)
2021-02-23 00:00:00
Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2021-1933)
2021-06-07 00:00:00
Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2021-1954)
2021-06-07 00:00:00
redhatcve
redhatcve
CVE-2021-27212
2021-02-15 15:43:02
debian
debian
[SECURITY] [DSA 4860-1] openldap security update
2021-02-20 13:00:59
[SECURITY] [DLA 2574-1] openldap security update
2021-02-20 18:55:16
[SECURITY] [DSA 4860-1] openldap security update
2021-02-20 13:00:59
osv
osv
openldap - security update
2021-02-20 00:00:00
openldap - security update
2021-02-21 00:00:00
BIT-openldap-2021-27212
2024-03-06 11:00:07
alpinelinux
alpinelinux
CVE-2021-27212
2021-02-14 03:15:00
debiancve
debiancve
CVE-2021-27212
2021-02-14 03:15:00
cbl_mariner
cbl_mariner
CVE-2021-27212 affecting package openldap 2.4.57-3
2021-04-06 23:50:10
CVE-2021-27212 affecting package openldap 2.4.57-8
2022-04-09 06:51:53
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0367
2021-03-05 00:00:00
Important Photon OS Security Update - PHSA-2021-0367
2021-03-05 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0322
2021-03-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-02-25 18:39:45
cve
cve
CVE-2021-27212
2021-02-14 03:15:00
ubuntu
ubuntu
OpenLDAP vulnerability
2021-02-22 00:00:00
prion
prion
Design/Logic Flaw
2021-02-14 03:15:00
ubuntucve
ubuntucve
CVE-2021-27212
2021-02-14 00:00:00
CVE-2020-20178
2021-05-24 00:00:00
suse
suse
Security update for openldap2 (important)
2021-03-14 00:00:00
amazon
amazon
Important: openldap
2023-04-27 18:37:00
Important: openldap
2023-04-27 16:19:00
redos
redos
ROS-20211223-03
2021-12-23 00:00:00
mageia
mageia
Updated openldap packages fix security vulnerabilities
2021-03-04 19:53:32
rosalinux
rosalinux
Advisory ROSA-SA-2021-1935
2021-07-02 17:36:08
ibm
ibm
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.243 Low

EPSS

Percentile

96.5%

JSON
Related for 1388B6D0BD264D34EDA71FC9627C01ABB05C2AFCFFC98337BE436B5C07DB32E6
nessus26cloudlinux2openvas23redhatcve1debian3osv5alpinelinux1debiancve1cbl_mariner2photon8veracode1cve1ubuntu1prion1ubuntucve2suse1amazon2redos1mageia1rosalinux1ibm1ics1