Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8EA04F3BA7E174E18EB5C016F081F597A866E670A2B4AC230266086C64E4A140
HistoryNov 23, 2022 - 9:31 p.m.

Security Bulletin: IBM Sterling Control Center vulnerable to multiple issues to due IBM Cognos Analystics (CVE-2022-4160, CVE-2021-3733)

2022-11-2321:31:26
www.ibm.com
17

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.9%

JSON

Summary

IBM Cognos Analytics is shipped with IBM Sterling Control Center. To address multiple vulnerabilities, IBM Sterling Control Center now includes IBM Cognos Analytics 11.1.7.6.

Vulnerability Details

CVEID:CVE-2021-4160
**DESCRIPTION:**OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to launch further attacks on the system
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218394 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2021-3733
**DESCRIPTION:**Python is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the AbstractBasicAuthHandler class in urllib. By persuading a victim to visit a specially-crafted web site, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213034 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Sterling Control Center 6.1.3.0 GA through iFix13

Remediation/Fixes

Product

|

Version

|

Remediation

—|—|—

IBM Sterling Control Center

|

6.1.3.0 GA through iFix13

|

6.1.3.0 iFix14 Fix Central - 6.1.3.0

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm control centereq6.1.3

Related

photon 7
cbl_mariner 3
ibm 14
prion 3
wpexploit 1
redhatcve 2
nessus 62
almalinux 3
cve 3
veracode 2
wpvulndb 1
githubexploit 1
redhat 4
osv 13
ubuntucve 2
debiancve 2
oraclelinux 3
f5 1
openvas 49
freebsd 1
openssl 1
debian 2
ubuntu 3
suse 4
fedora 4
thn 1
cloudfoundry 1
mageia 2
rocky 2
amazon 2
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0165
2022-03-23 00:00:00
Moderate Photon OS Security Update - PHSA-2022-4.0-0165
2022-03-23 00:00:00
Important Photon OS Security Update - PHSA-2022-0368
2022-03-04 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-4160 affecting package openssl 1.1.1k-13
2022-04-26 20:16:58
CVE-2021-4160 affecting package openssl 1.1.1k-16
2021-09-09 15:02:55
CVE-2021-3733 affecting package python2 2.7.18-9
2022-08-12 16:45:09
ibm
ibm
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2021-4160
2023-07-07 15:05:04
Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160
2022-07-11 15:35:28
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to weakened security in OpenSSL ( CVE-2021-4160)
2023-01-12 21:59:00
prion
prion
Cross site request forgery (csrf)
2022-12-26 13:15:00
Authentication flaw
2022-03-10 17:42:00
Design/Logic Flaw
2022-01-28 22:15:00
wpexploit
wpexploit
Contest Gallery < 19.1.5 - Author+ SQL Injection
2022-12-05 00:00:00
redhatcve
redhatcve
CVE-2021-3733
2021-08-31 15:31:19
CVE-2021-4160
2022-01-31 17:57:31
nessus
nessus
CentOS 8 : python3 (CESA-2021:4057)
2021-11-03 00:00:00
Oracle Linux 8 : python3 (ELSA-2021-4057)
2021-11-02 00:00:00
RHEL 8 : python3 (RHSA-2021:4057)
2021-11-02 00:00:00
almalinux
almalinux
Moderate: python3 security update
2021-11-02 07:48:14
Moderate: python38:3.8 and python38-devel:3.8 security update
2022-05-10 06:23:23
Moderate: python27:2.7 security update
2022-05-10 08:02:50
cve
cve
CVE-2022-4160
2022-12-26 13:15:00
CVE-2021-3733
2022-03-10 17:42:00
CVE-2021-4160
2022-01-28 22:15:00
veracode
veracode
Denial Of Service
2022-02-08 22:37:53
Denial Of Service
2021-09-03 01:56:52
wpvulndb
wpvulndb
Contest Gallery < 19.1.5 - Author+ SQL Injection
2022-12-05 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Openssl
2023-09-11 10:42:41
redhat
redhat
(RHSA-2021:4057) Moderate: python3 security update
2021-11-02 07:48:14
(RHSA-2022:1764) Moderate: python38:3.8 and python38-devel:3.8 security update
2022-05-10 06:23:23
(RHSA-2022:1663) Moderate: python27-python and python27-python-pip security update
2022-05-02 07:48:36
osv
osv
CVE-2021-3733
2022-03-10 17:42:59
CVE-2021-3733: ReDoS in urllib.request
2022-03-07 00:00:00
BIT-python-2021-3733
2024-03-06 11:06:14
ubuntucve
ubuntucve
CVE-2021-3733
2021-09-02 00:00:00
CVE-2021-4160
2022-01-28 00:00:00
debiancve
debiancve
CVE-2021-3733
2022-03-10 17:42:00
CVE-2021-4160
2022-01-28 22:15:00
oraclelinux
oraclelinux
python3 security update
2021-11-02 00:00:00
python38:3.8 and python38-devel:3.8 security update
2022-05-17 00:00:00
python27:2.7 security update
2022-05-17 00:00:00
f5
f5
K30184101 : OpenSSL Vulnerability CVE-2021-4160
2022-03-31 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-1663)
2022-05-09 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-1455)
2022-04-20 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-1635)
2022-05-05 00:00:00
freebsd
freebsd
OpenSSL -- BN_mod_exp incorrect results on MIPS
2022-01-28 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2021-4160
2022-01-28 00:00:00
debian
debian
[SECURITY] [DLA 2808-1] python3.5 security update
2021-11-05 09:21:01
[SECURITY] [DSA 5103-1] openssl security update
2022-03-15 16:56:11
ubuntu
ubuntu
Python vulnerabilities
2021-12-17 00:00:00
Python vulnerabilities
2021-09-16 00:00:00
Python vulnerabilities
2021-12-17 00:00:00
suse
suse
Security update for python (moderate)
2021-10-20 00:00:00
Security update for python (moderate)
2021-10-31 00:00:00
Security update for python3 (moderate)
2021-12-16 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: python2.7-2.7.18-15.fc35
2021-09-24 20:59:13
[SECURITY] Fedora 33 Update: python2.7-2.7.18-15.fc33
2021-09-29 01:10:06
[SECURITY] Fedora 34 Update: mingw-python3-3.9.4-3.fc34
2021-09-30 01:15:07
thn
thn
New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers
2022-03-16 13:52:00
cloudfoundry
cloudfoundry
USN-5199-1: Python vulnerabilities | Cloud Foundry
2022-03-08 00:00:00
mageia
mageia
Updated python packages fix security vulnerability
2021-10-02 21:57:04
Updated python3 packages fix security vulnerability
2021-09-23 07:49:29
rocky
rocky
python38:3.8 and python38-devel:3.8 security update
2022-05-10 06:23:23
python27:2.7 security update
2022-05-10 08:02:50
amazon
amazon
Medium: python27
2022-05-31 23:47:00
Medium: python
2022-05-31 23:50:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.9%

JSON
Related for 8EA04F3BA7E174E18EB5C016F081F597A866E670A2B4AC230266086C64E4A140
photon7cbl_mariner3ibm14prion3wpexploit1redhatcve2nessus62almalinux3cve3veracode2wpvulndb1githubexploit1redhat4osv13ubuntucve2debiancve2oraclelinux3f51openvas49freebsd1openssl1debian2ubuntu3suse4fedora4thn1cloudfoundry1mageia2rocky2amazon2