Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM90CF485116A952ADEC5B5A85E722DF33D1556D18AE9C7D1F5699712F4EB9F66A
HistoryJun 23, 2022 - 4:59 p.m.

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2019-10086, CVE-2021-41617)

2022-06-2316:59:04
www.ibm.com
22

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

JSON

Summary

IBM Security Guardium has fixed these vulnerabilities.

Vulnerability Details

CVEID:CVE-2021-41617
**DESCRIPTION:**OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by an error in sshd when certain non-default configurations are used. By executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a non-root user, an attacker could exploit this vulnerability to gain privileges associated with group memberships of the sshd process.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210062 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-10086
**DESCRIPTION:**Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium 11.4

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product Versions ** Fix**
IBM Security Guardium 11.4 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p430_Bundle_Apr-28-2022&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security guardiumeq11.4

Related

nessus 64
photon 3
ibm 60
paloalto 1
broadcom 1
fedora 5
redhat 9
debiancve 2
osv 9
cbl_mariner 1
prion 2
cve 2
almalinux 1
amazon 3
ubuntucve 2
redhatcve 2
rocky 1
veracode 2
openvas 5
cgr 1
suse 2
github 1
symantec 1
mageia 2
oraclelinux 4
ubuntu 3
centos 2
f5 1
freebsd 1
aix 1
alpinelinux 1
wolfi 1
debian 2
cloudfoundry 1
nessus
nessus
Photon OS 1.0: Openssh PHSA-2021-1.0-0440
2021-10-10 00:00:00
Amazon Linux AMI : openssh (ALAS-2022-1565)
2022-02-19 00:00:00
EulerOS 2.0 SP5 : openssh (EulerOS-SA-2022-1280)
2022-03-01 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0440
2021-10-10 00:00:00
Important Photon OS Security Update - PHSA-2021-0440
2021-10-10 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0313
2021-10-15 00:00:00
ibm
ibm
Security Bulletin: OpenSSH for IBM i is affected by CVE-2021-41617
2021-12-01 23:03:59
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System
2022-02-16 10:30:47
Security Bulletin: OpenSSH as used by IBM Cloud Pak for Security is vulnerable to privilege escalation (CVE-2021-41617)
2022-12-21 13:12:26
paloalto
paloalto
Informational: Impact of the OpenSSH Vulnerability CVE-2021-41617 on PAN-OS
2021-11-30 18:15:00
broadcom
broadcom
A flaw in OpenSSH helper programs could lead to local privilege escalation
2023-08-01 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: openssh-8.7p1-2.fc35
2021-10-03 00:15:11
[SECURITY] Fedora 33 Update: openssh-8.4p1-8.fc33
2021-10-14 16:03:28
[SECURITY] Fedora 34 Update: openssh-8.6p1-5.fc34
2021-10-02 01:29:48
redhat
redhat
(RHSA-2021:4782) Moderate: openssh security update
2021-11-23 14:40:20
(RHSA-2020:0057) Important: rh-java-common-apache-commons-beanutils security update
2020-01-08 11:00:17
(RHSA-2020:0194) Important: apache-commons-beanutils security update
2020-01-21 18:21:47
debiancve
debiancve
CVE-2021-41617
2021-09-26 19:15:00
CVE-2019-10086
2019-08-20 21:15:00
osv
osv
openssh vulnerability
2022-10-10 17:50:36
Moderate: openssh security, bug fix, and enhancement update
2022-05-10 06:45:24
Insecure Deserialization in Apache Commons Beanutils
2020-06-15 20:36:17
cbl_mariner
cbl_mariner
CVE-2021-41617 affecting package openssh 8.5p1-3
2021-10-14 02:25:47
prion
prion
Privilege escalation
2021-09-26 19:15:00
Default configuration
2019-08-20 21:15:00
cve
cve
CVE-2021-41617
2021-09-26 19:15:00
CVE-2019-10086
2019-08-20 21:15:00
almalinux
almalinux
Moderate: openssh security, bug fix, and enhancement update
2022-05-10 06:45:24
amazon
amazon
Medium: openssh
2022-02-10 22:00:00
Medium: openssh
2022-02-03 19:30:00
Important: apache-commons-beanutils
2020-02-17 19:50:00
ubuntucve
ubuntucve
CVE-2021-41617
2021-09-26 00:00:00
CVE-2019-10086
2019-08-20 00:00:00
redhatcve
redhatcve
CVE-2021-41617
2021-09-27 20:04:15
CVE-2019-10086
2020-02-14 11:44:26
rocky
rocky
openssh security, bug fix, and enhancement update
2022-05-10 06:45:24
veracode
veracode
Authorization Bypass
2019-08-16 00:43:09
Privilege Escalation
2021-10-06 11:24:31
openvas
openvas
Fedora Update for apache-commons-beanutils FEDORA-2019-79b5790566
2019-11-14 00:00:00
CentOS: Security Advisory for apache-commons-beanutils (CESA-2020:0194)
2020-01-29 00:00:00
Fedora Update for apache-commons-beanutils FEDORA-2019-bcad44b5d6
2020-01-09 00:00:00
cgr
cgr
CVE-2019-10086 vulnerabilities
2024-04-16 09:09:05
suse
suse
Security update for apache-commons-beanutils (important)
2019-09-03 00:00:00
Security update for openssh (important)
2021-12-06 00:00:00
github
github
Insecure Deserialization in Apache Commons Beanutils
2020-06-15 20:36:17
symantec
symantec
Apache Commons Beanutils CVE-2019-10086 Remote Security Vulnerability
2019-08-15 00:00:00
mageia
mageia
Updated apache-commons-beanutils packages fix security vulnerability
2019-12-19 16:44:26
Updated openssh packages fix security vulnerability
2021-12-19 15:26:08
oraclelinux
oraclelinux
openssh security update
2021-12-07 00:00:00
openssh security, bug fix, and enhancement update
2022-05-17 00:00:00
openssh security update
2021-11-24 00:00:00
ubuntu
ubuntu
OpenSSH vulnerability
2022-10-10 00:00:00
Apache Commons BeanUtils vulnerabilities
2021-03-15 00:00:00
OpenSSH vulnerabilities
2024-01-03 00:00:00
centos
centos
openssh, pam_ssh_agent_auth security update
2021-12-01 19:19:31
apache security update
2020-01-28 21:30:14
f5
f5
K12705583 : OpenSSH vulnerability CVE-2021-41617
2021-12-06 00:00:00
freebsd
freebsd
OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand
2021-09-26 00:00:00
aix
aix
Vulnerabilities in OpenSSH affect AIX.
2022-01-06 09:17:41
alpinelinux
alpinelinux
CVE-2021-41617
2021-09-26 19:15:00
wolfi
wolfi
CVE-2019-10086 vulnerabilities
2024-04-16 09:08:09
debian
debian
[SECURITY] [DLA 1896-1] commons-beanutils security update
2019-08-24 14:49:34
[SECURITY] [DLA 3694-1] openssh security update
2023-12-26 02:22:30
cloudfoundry
cloudfoundry
USN-6565-1: OpenSSH vulnerabilities | Cloud Foundry
2024-02-29 00:00:00

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

JSON
Related for 90CF485116A952ADEC5B5A85E722DF33D1556D18AE9C7D1F5699712F4EB9F66A
nessus64photon3ibm60paloalto1broadcom1fedora5redhat9debiancve2osv9cbl_mariner1prion2cve2almalinux1amazon3ubuntucve2redhatcve2rocky1veracode2openvas5cgr1suse2github1symantec1mageia2oraclelinux4ubuntu3centos2f51freebsd1aix1alpinelinux1wolfi1debian2cloudfoundry1