Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7A951B5207ED5F1520F5B905F0B4FB578DC56130B387117B9B391C9B6B0D3DDA
HistoryAug 30, 2022 - 4:51 p.m.

Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2021-22696

2022-08-3016:51:40
www.ibm.com
9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.6%

JSON

Summary

IBM TRIRIGA Application Platform discloses CVE-2021-22696

Vulnerability Details

CVEID:CVE-2021-22696
**DESCRIPTION:**Apache CXF is vulnerable to a denial of service, caused by improper validation of request_uri parameter by the OAuth 2 authorization service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition on the authorization server.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199335 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM TRIRIGA Application all

Remediation/Fixes

Product|VRMF|

Remediation/First Fix

—|—|—
IBM TRIRIGA Application Platform| 3.6.1.3| The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform| 3.7.0.1| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 3.8.0.1| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 4.0.2| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 4.1.1| The fix is available for download on FixCentral

Workarounds and Mitigations

None

Related

ibm 7
osv 2
prion 1
cve 1
veracode 1
github 1
redhatcve 1
redhat 2
oracle 2
ibm
ibm
Security Bulletin: Apache CXF Vulnerability Affects IBM Global Mailbox (CVE-2021-22696)
2021-07-30 05:02:10
Security Bulletin: Apache CXF (Publicly disclosed vulnerability)
2021-08-23 05:55:39
Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager (CVE-2021-22696)
2021-10-01 18:37:49
osv
osv
CVE-2021-22696
2021-04-02 10:15:12
Authorization service vulnerable to DDos attacks in Apache CFX
2021-05-13 22:31:05
prion
prion
Authorization
2021-04-02 10:15:00
cve
cve
CVE-2021-22696
2021-04-02 10:15:00
veracode
veracode
Denial Of Service (DoS)
2021-04-05 06:44:16
github
github
Authorization service vulnerable to DDos attacks in Apache CFX
2021-05-13 22:31:05
redhatcve
redhatcve
CVE-2021-22696
2022-04-26 22:22:45
redhat
redhat
(RHSA-2022:7273) Moderate: Red Hat JBoss Web Server 5.7.0 release and security update
2022-11-02 10:39:18
(RHSA-2021:5134) Critical: Red Hat Fuse 7.10.0 release and security update
2021-12-14 21:27:54
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.6%

JSON
Related for 7A951B5207ED5F1520F5B905F0B4FB578DC56130B387117B9B391C9B6B0D3DDA
ibm7osv2prion1cve1veracode1github1redhatcve1redhat2oracle2