Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4DE9414F56F37E1EF0B44386E444179EFE083F22E721E3F6DA25CF051DD33801
HistoryMay 17, 2022 - 2:33 p.m.

Security Bulletin: IBM DataPower Gateway: Update Redis to remediate two CVEs

2022-05-1714:33:27
www.ibm.com
41

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

Summary

IBM has addressed the CVEs

Vulnerability Details

CVEID:CVE-2021-32626
**DESCRIPTION:**Redis is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By executing specially-crafted Lua scripts, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210723 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-32675
**DESCRIPTION:**Redis is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted Redis Standard Protocol (RESP) requests, a remote attacker could exploit this vulnerability to allocate significant amount of memory.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210727 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM DataPower Gateway V10CD 10.0.2.0-10.0.3.0
IBM DataPower Gateway 10.0.1 10.0.1.0-10.0.1.5
IBM DataPower Gateway 2018.4.1 2018.4.1.0-2018.4.1.18

Remediation/Fixes

Affected Product Fixed in version APAR
IBM DataPower Gateway V10CD 10.0.4.0 IT38919
IBM DataPower Gateway 10.0.1 10.0.1.6 IT38919
IBM DataPower Gateway 2018.4.1 2018.4.1.19 IT38919

Workarounds and Mitigations

None

Related

ibm 6
cbl_mariner 4
osv 11
veracode 2
ubuntucve 2
cve 2
debiancve 2
prion 2
redhatcve 2
alpinelinux 2
openvas 11
nessus 21
redhat 11
almalinux 2
oraclelinux 2
debian 2
rocky 2
suse 1
freebsd 1
mageia 1
fedora 3
ubuntu 1
photon 3
gentoo 1
oracle 1
ibm
ibm
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to various attacks due to its use of redis (CVE-2021-32675, CVE-2021-32626, CVE-2021-32672)
2022-06-29 14:12:06
Security Bulletin: Multiple vulnerabilities in Redis affecting the IBM Event Streams UI
2021-12-21 17:42:58
Security Bulletin: Mutiple Vulnerabilities in Redis affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
2022-06-22 09:58:56
cbl_mariner
cbl_mariner
CVE-2021-32675 affecting package redis 5.0.5-7
2021-10-22 04:51:42
CVE-2021-32626 affecting package redis 5.0.5-7
2021-10-22 04:51:42
CVE-2021-32675 affecting package redis 6.2.5-1
2022-04-09 06:51:55
osv
osv
BIT-redis-2021-32626
2024-03-06 11:08:35
CVE-2021-32626
2021-10-04 18:15:08
CVE-2021-32675
2021-10-04 18:15:08
veracode
veracode
Remote Code Execution (RCE)
2021-10-05 12:06:07
Denial Of Service (DoS)
2021-10-05 13:27:20
ubuntucve
ubuntucve
CVE-2021-32626
2021-10-04 00:00:00
CVE-2021-32675
2021-10-04 00:00:00
cve
cve
CVE-2021-32626
2021-10-04 18:15:00
CVE-2021-32675
2021-10-04 18:15:00
debiancve
debiancve
CVE-2021-32626
2021-10-04 18:15:00
CVE-2021-32675
2021-10-04 18:15:00
prion
prion
Design/Logic Flaw
2021-10-04 18:15:00
Authentication flaw
2021-10-04 18:15:00
redhatcve
redhatcve
CVE-2021-32626
2021-10-05 18:58:38
CVE-2021-32675
2021-10-05 18:49:10
alpinelinux
alpinelinux
CVE-2021-32675
2021-10-04 18:15:00
CVE-2021-32626
2021-10-04 18:15:00
openvas
openvas
Redis Stack Overflow Vulnerability (GHSA-p486-xggp-782c)
2021-10-06 00:00:00
Debian: Security Advisory (DLA-2810-1)
2021-11-06 00:00:00
Debian: Security Advisory (DSA-5001-1)
2021-11-07 00:00:00
nessus
nessus
RHEL 8 : redis:6 (RHSA-2021:3945)
2021-10-21 00:00:00
RHEL 8 : redis:5 (RHSA-2021:3918)
2021-10-20 00:00:00
RHEL 7 : rh-redis5-redis (RHSA-2021:3947)
2021-10-22 00:00:00
redhat
redhat
(RHSA-2021:3947) Important: rh-redis5-redis security update
2021-10-20 12:49:56
(RHSA-2021:3918) Important: redis:5 security update
2021-10-19 13:14:11
(RHSA-2021:3944) Important: redis:5 security update
2021-10-20 12:38:31
almalinux
almalinux
Important: redis:5 security update
2021-10-19 13:14:11
Important: redis:6 security update
2021-10-20 12:46:40
oraclelinux
oraclelinux
redis:5 security update
2021-10-19 00:00:00
redis:6 security update
2021-10-20 00:00:00
debian
debian
[SECURITY] [DLA 2810-1] redis security update
2021-11-05 11:07:22
[SECURITY] [DSA 5001-1] redis security update
2021-11-05 19:30:06
rocky
rocky
redis:6 security update
2021-10-20 12:46:40
redis:5 security update
2021-10-19 13:14:11
suse
suse
Security update for redis (important)
2021-11-23 00:00:00
freebsd
freebsd
redis -- multiple vulnerabilities
2021-10-04 00:00:00
mageia
mageia
Updated redis packages fix security vulnerability
2021-10-21 00:28:32
fedora
fedora
[SECURITY] Fedora 35 Update: redis-6.2.6-1.fc35
2021-10-29 23:18:43
[SECURITY] Fedora 33 Update: redis-6.0.16-1.fc33
2021-10-12 23:47:15
[SECURITY] Fedora 34 Update: redis-6.2.6-1.fc34
2021-10-12 23:45:06
ubuntu
ubuntu
Redis vulnerabilities
2022-08-03 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-3.0-0320
2021-10-28 00:00:00
Important Photon OS Security Update - PHSA-2021-4.0-0119
2021-10-27 00:00:00
Important Photon OS Security Update - PHSA-2021-0119
2021-10-27 00:00:00
gentoo
gentoo
Redis: Multiple Vulnerabilities
2022-09-29 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON
Related for 4DE9414F56F37E1EF0B44386E444179EFE083F22E721E3F6DA25CF051DD33801
ibm6cbl_mariner4osv11veracode2ubuntucve2cve2debiancve2prion2redhatcve2alpinelinux2openvas11nessus21redhat11almalinux2oraclelinux2debian2rocky2suse1freebsd1mageia1fedora3ubuntu1photon3gentoo1oracle1