Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM6101231E7790666A5F3D41651D280416BD55B15F5142D36C2747367DC931E9A8
HistoryJun 27, 2023 - 7:31 p.m.

Security Bulletin: Multiple vulnerabilities in Redis may affect IBM Robotic Process Automation for Cloud Pak

2023-06-2719:31:25
www.ibm.com
26

0.023 Low

EPSS

Percentile

89.7%

JSON

Summary

Redis is used by IBM Robotic Process Automation for Cloud Pak as a performance accelerator for the IBM Robotic Process Automation server

Vulnerability Details

CVEID:CVE-2021-21309
**DESCRIPTION:**Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow. By sending an overly long request, an attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197573 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-29477
**DESCRIPTION:**Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the STRALGO LCS command. By sending a specially crafted request, an attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201176 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-29478
**DESCRIPTION:**Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in COPY command for large intsets. By sending a specially crafted request, an attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201174 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-32625
**DESCRIPTION:**Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow bug. By using a specially-crafted STRALGO LCS command, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203016 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-32626
**DESCRIPTION:**Redis is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By executing specially-crafted Lua scripts, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210723 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-32627
**DESCRIPTION:**Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow with Streams. By sending a specially-crafted request using the proto-max-bulk-len and client-query-buffer-limit configuration parameters, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210724 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-32628
**DESCRIPTION:**Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the handling of large ziplists. By sending a specially-crafted request using the ziplist configuration parameters, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210725 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-32672
**DESCRIPTION:**Redis could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Lua Debugger. By sending specially-crafted requests, an attacker could exploit this vulnerability to read data beyond the actual buffer, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210726 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2021-32675
**DESCRIPTION:**Redis is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted Redis Standard Protocol (RESP) requests, a remote attacker could exploit this vulnerability to allocate significant amount of memory.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210727 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-32687
**DESCRIPTION:**Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow with intsets. By sending a specially-crafted request using the intsets, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210728 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-32761
**DESCRIPTION:**Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the “BIT” command . By using a specially-crafted “proto-max-bulk-len” configuration parameter and commands bit commands, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/206313 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-32762
**DESCRIPTION:**Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the redis-cli command line tool and redis-sentinel service. By parsing specially-crafted large multi-bulk network replies, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210729 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-41099
**DESCRIPTION:**Redis is vulnerable to an heap-based buffer overflow, caused by improper bounds checking in the underlying string library. By sending a specially-crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210649 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Robotic Process Automation for Cloud Pak 21.0.1-21.0.7.5, 23.0.0 - 23.0.6

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product(s) **Version(s) number and/or range ** Remediation/Fix/Instructions
IBM Robotic Process Automation for Cloud Pak 21.0.1 - 21.0.7.5 Update to 21.0.7.6 or higher using the following instructions.
IBM Robotic Process Automation for Cloud Pak 23.0.0 - 23.0.6 Update to 23.0.7 or higher using the following instructions.

Workarounds and Mitigations

None.

Related

ibm 7
nessus 40
osv 18
suse 4
freebsd 5
openvas 28
debian 5
ubuntu 1
mageia 2
almalinux 3
redhat 9
fedora 9
oraclelinux 3
rocky 2
gentoo 2
photon 2
redhatcve 6
cvelist 5
archlinux 1
cve 5
ubuntucve 3
prion 8
redos 6
debiancve 5
alpinelinux 5
cbl_mariner 8
veracode 5
cnvd 1
github 1
ibm
ibm
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
2022-10-06 04:10:57
Security Bulletin: Mutiple Vulnerabilities in Redis affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
2022-06-22 09:58:56
Security Bulletin: Multiple vulnerabilities in Redis affecting the IBM Event Streams UI
2021-12-21 17:42:58
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Redis vulnerabilities (USN-5221-1)
2023-10-16 00:00:00
Debian DSA-5001-1 : redis - security update
2021-11-06 00:00:00
openSUSE 15 Security Update : redis (openSUSE-SU-2021:3772-1)
2021-11-24 00:00:00
osv
osv
redis vulnerabilities
2022-08-03 10:10:42
redis - security update
2021-11-05 00:00:00
Important: redis:5 security update
2021-10-19 13:14:11
suse
suse
Security update for redis (important)
2021-11-23 00:00:00
Security update for redis (important)
2021-05-08 00:00:00
Security update for redis (moderate)
2021-06-05 00:00:00
freebsd
freebsd
redis -- multiple vulnerabilities
2021-10-04 00:00:00
redis -- multiple vulnerabilities
2021-05-03 00:00:00
redis -- integer overflow
2021-06-01 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5221-1)
2023-01-27 00:00:00
Fedora: Security Advisory for redis (FEDORA-2021-61c487f241)
2021-10-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3772-1)
2021-11-24 00:00:00
debian
debian
[SECURITY] [DSA 5001-1] redis security update
2021-11-05 19:30:24
[SECURITY] [DLA 2810-1] redis security update
2021-11-05 11:16:16
[SECURITY] [DLA 2717-1] redis security update
2021-07-22 10:15:55
ubuntu
ubuntu
Redis vulnerabilities
2022-08-03 00:00:00
mageia
mageia
Updated redis packages fix security vulnerability
2021-10-21 00:28:32
Updated redis package fixes security vulnerabilities
2021-07-25 17:45:06
almalinux
almalinux
Important: redis:6 security update
2021-10-20 12:46:40
Important: redis:5 security update
2021-10-19 13:14:11
Important: redis:6 security update
2021-05-19 07:13:43
redhat
redhat
(RHSA-2021:3947) Important: rh-redis5-redis security update
2021-10-20 12:49:56
(RHSA-2021:3918) Important: redis:5 security update
2021-10-19 13:14:11
(RHSA-2021:3971) Important: Red Hat OpenStack Platform 10.0 (redis) security update
2021-10-25 13:10:55
fedora
fedora
[SECURITY] Fedora 34 Update: redis-6.2.6-1.fc34
2021-10-12 23:45:06
[SECURITY] Fedora 35 Update: redis-6.2.6-1.fc35
2021-10-29 23:18:43
[SECURITY] Fedora 33 Update: redis-6.0.16-1.fc33
2021-10-12 23:47:15
oraclelinux
oraclelinux
redis:6 security update
2021-10-20 00:00:00
redis:5 security update
2021-10-19 00:00:00
redis:6 security update
2021-05-26 00:00:00
rocky
rocky
redis:6 security update
2021-10-20 12:46:40
redis:5 security update
2021-10-19 13:14:11
gentoo
gentoo
Redis: Multiple Vulnerabilities
2022-09-29 00:00:00
Redis: Multiple vulnerabilities
2021-07-09 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-3.0-0320
2021-10-28 00:00:00
Important Photon OS Security Update - PHSA-2021-0050
2021-06-22 00:00:00
redhatcve
redhatcve
CVE-2021-32625
2021-07-09 14:52:35
CVE-2021-29478
2021-05-05 18:45:32
CVE-2021-32762
2021-10-05 18:01:53
cvelist
cvelist
CVE-2021-32625 Redis vulnerability in STRALGO LCS on 32-bit systems
2021-06-02 19:35:11
CVE-2021-32761 Integer overflow issues with *BIT commands on 32-bit systems
2021-07-21 20:50:09
CVE-2021-29478 Vulnerability in the COPY command for large intsets
2021-05-04 16:00:23
archlinux
archlinux
[ASA-202106-12] redis: arbitrary code execution
2021-06-01 00:00:00
cve
cve
CVE-2021-32625
2021-06-02 20:15:00
CVE-2021-29477
2021-05-04 16:15:00
CVE-2021-32761
2021-07-21 21:15:00
ubuntucve
ubuntucve
CVE-2021-32625
2021-06-02 00:00:00
CVE-2021-29478
2021-05-04 00:00:00
CVE-2021-32761
2021-07-21 00:00:00
prion
prion
Integer overflow
2021-06-02 20:15:00
Integer overflow
2021-05-04 16:15:00
Integer overflow
2021-10-04 18:15:00
redos
redos
ROS-2-658
2021-12-24 00:00:00
ROS-2-519
2021-09-08 00:00:00
ROS-2-597
2021-09-08 00:00:00
debiancve
debiancve
CVE-2021-32625
2021-06-02 20:15:00
CVE-2021-29478
2021-05-04 16:15:00
CVE-2021-32761
2021-07-21 21:15:00
alpinelinux
alpinelinux
CVE-2021-32625
2021-06-02 20:15:00
CVE-2021-29477
2021-05-04 16:15:00
CVE-2021-32761
2021-07-21 21:15:00
cbl_mariner
cbl_mariner
CVE-2021-32761 affecting package redis 5.0.5-7
2021-10-22 04:51:42
CVE-2021-32762 affecting package redis for versions less than 6.2.6-1
2022-04-09 06:51:55
CVE-2021-32761 affecting package redis for versions less than 6.2.5-1
2022-04-09 06:51:55
veracode
veracode
Remote Code Execution
2021-07-23 23:39:15
Remote Code Execution (RCE)
2021-05-06 04:01:47
Remote Code Execution
2021-05-06 04:01:48
cnvd
cnvd
Redis remote code execution vulnerability
2021-07-22 00:00:00
github
github
Integer overflow on 32-bit systems
2021-08-11 20:11:11

0.023 Low

EPSS

Percentile

89.7%

JSON
Related for 6101231E7790666A5F3D41651D280416BD55B15F5142D36C2747367DC931E9A8
ibm7nessus40osv18suse4freebsd5openvas28debian5ubuntu1mageia2almalinux3redhat9fedora9oraclelinux3rocky2gentoo2photon2redhatcve6cvelist5archlinux1cve5ubuntucve3prion8redos6debiancve5alpinelinux5cbl_mariner8veracode5cnvd1github1