Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM38D3E2235A6B375F5D9244EFE9851E3001DA7F80F079B204954FF8540BD6D6AD
HistoryMar 11, 2022 - 8:12 a.m.

Security Bulletin: WebSphere Application Server is vulnerable to a Privilege Escalation vulnerability and affects Content Collector for Email

2022-03-1108:12:40
www.ibm.com
9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

46.2%

JSON

Summary

WebSphere Application Server is vulnerable to a Privilege Escalation vulnerability

Vulnerability Details

CVEID:CVE-2021-38951
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211405 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Content Collector for Email 4.0.x

Remediation/Fixes

Product VRM Remediation
Content Collector for Email 4.0.1 Use Content Collector for Email 4.0.1.9 Interim Fix IF012

Workarounds and Mitigations

None

CPENameOperatorVersion
content collectoreq4.0.1

Related

ibm 33
prion 1
nessus 1
cnvd 1
cve 1
cvelist 1
ibm
ibm
Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to a Denial of Service (CVE-2021-38951)
2022-01-10 08:04:08
Security Bulletin: WebSphere Application Server is vulnerable to a denial of service which can impact IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology
2022-01-06 20:36:21
Security Bulletin: A security vulnerability has been identified in WebSphere® Application Server shipped with IBM® Intelligent Operations Center (CVE-2021-38951)
2021-12-21 14:53:20
prion
prion
Design/Logic Flaw
2021-12-09 17:15:00
nessus
nessus
IBM WebSphere Application Server 7.x <= 7.0.0.45 / 8.x <= 8.0.0.15 / 8.5.x < 8.5.5.21 / 9.x < 9.0.5.11 DoS
2022-01-13 00:00:00
cnvd
cnvd
IBM WebSphere Application Server Denial of Service Vulnerability (CNVD-2021-99670)
2021-12-12 00:00:00
cve
cve
CVE-2021-38951
2021-12-09 17:15:00
cvelist
cvelist
CVE-2021-38951
2021-12-08 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

46.2%

JSON
Related for 38D3E2235A6B375F5D9244EFE9851E3001DA7F80F079B204954FF8540BD6D6AD
ibm33prion1nessus1cnvd1cve1cvelist1