Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDFB2B8A17991C21AA572BC3D0FE7E4D2908FC84F553760CE8368AAFCE6C462AE
HistoryOct 11, 2021 - 6:12 p.m.

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

2021-10-1118:12:27
www.ibm.com
24

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.939 High

EPSS

Percentile

98.7%

JSON

Summary

IBM Data Risk Manager has addressed the following vulnerabilities:

Vulnerability Details

CVEID:CVE-2021-20227
**DESCRIPTION:**SQLite is vulnerable to a denial of service, caused by a use-after-free flaw in the SELECT query function in src/select.c. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition or possibly execute arbitrary code on the system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198960 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-2388
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205815 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-2369
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Library component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205796 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID:CVE-2021-2432
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205856 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-29154
**DESCRIPTION:**Linux Kernel could allow a could allow a local authenticated attacker to gain elevated privileges on the system, caused by an issue with incorrect computation of branch displacements in BPF JIT compiler. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges, and execute arbitrary code in the Kernel mode.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199609 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-38915
**DESCRIPTION:**IBM Cloud Pak - Risk Manager stores user credentials in plain clear text which can be read by an authenticated user.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209947 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-22118
**DESCRIPTION:**VMware Tanzu Spring Framework could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the WebFlux application. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to read or modify files in the WebFlux application, or overwrite arbitrary files with multipart request data.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202705 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)

CVEID:CVE-2021-3715
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in route4_change() in net/sched/cls_route.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208836 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-27777
**DESCRIPTION:**Linux Kernel for PowerPC could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with the Run-Time Abstraction Services (RTAS) interface. By sending a specially-crafted request, an attacker could exploit this vulnerability to overwrite some parts of memory, including kernel memory.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192283 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-2161
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200290 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-3347
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a kernel stack use-after-free during fault handling in PI futexes. An attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the kernel.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195798 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-22119
**DESCRIPTION:**VMware Tanzu Spring Security is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted requests to initiate the Authorization Request for the Authorization Code Grant, a remote attacker could exploit this vulnerability to exhaust available system resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204656 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-2341
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205768 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID:CVE-2021-36690
**DESCRIPTION:**SQLite is vulnerable to a denial of service, caused by a segmentation fault in the idxGetTableInfo function. By sending a specially-crafted query, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208138 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-33033
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the cipso_v4_genopt function in net/ipv4/cipso_ipv4.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203148 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-33034
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw when destroying an hci_chan in net/bluetooth/hci_event.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203149 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-29650
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the lack of a full memory barrier upon the assignment of a new table value in the netfilter subsystem. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199201 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-38862
**DESCRIPTION:**IBM Cloud Pak - Risk Manager/IBM Data Risk Manager (iDNA) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207980 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-33909
**DESCRIPTION:**Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in fs/seq_file.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges to root.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205906 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-30640
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the JNDI Realm. By sending a specially-crafted request using various user names, an attacker could exploit this vulnerability to bypass some of the protection provided by the LockOut Realm.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205213 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-32027
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow while modifying certain SQL array values. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202823 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-33037
**DESCRIPTION:**Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header. By sending a specially-crafted HTTP(S) transfer-encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205222 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2021-41079
**DESCRIPTION:**Apache Tomcat is vulnerable to a denial of service, caused by improper input validation of TLS packets. By sending a specially-crafted TLS packet, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209450 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-30639
**DESCRIPTION:**Apache Tomcat is vulnerable to a denial of service, caused by improper error handling during non-blocking I/O. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to trigger non-blocking I/O errors resulting in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205212 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-32028
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerability when using an INSERT … ON CONFLICT … DO UPDATE command on a purpose-crafted table. By creating prerequisite objects, an attacker could exploit this vulnerability to read arbitrary bytes of server memory.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203616 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-22555
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write flaw in net/netfilter/x_tables.c. By sending a specially-crafted request through user name space, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204997 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-27170
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds loads flaw. By executing specially-crafted BPF programs, an attacker could exploit this vulnerability to obtain contents of kernel memory, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198453 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM DRM 2.0.6

Remediation/Fixes

To obtain fixes for all reported issues, customers are advised first to upgrade to v2.0.6.8, and then apply the latest FixPack 2.0.6.9. The FixPack is not cumulative. So it must be applied on top of 2.0.6.8 in sequence.

Product| VRMF| _APAR
_| Remediation / First Fix
—|—|—|—
IBM Data Risk Manager| 2.0.6|

|

  1. Apply DRM_2.0.6.1_Fixpack

  2. Apply DRM_2.0.6.2_Fixpack

  3. Apply DRM_2.0.6.3_FixPack

  4. Apply DRM_2.0.6.4_FixPack

  5. Apply DRM_2.0.6.5_FixPack

  6. Apply DRM_2.0.6.6_FixPack

  7. Apply DRM_2.0.6.7_FixPack

  8. Apply DRM_2.0.6.8_FixPack

  9. Apply DRM_2.0.6.9_FixPack

IBM Data Risk Manager| 2.0.6.1|

|

  1. Apply DRM_2.0.6.2_Fixpack

  2. Apply DRM_2.0.6.3_FixPack

  3. Apply DRM_2.0.6.4_FixPack

  4. Apply DRM_2.0.6.5_FixPack

  5. Apply DRM_2.0.6.6_FixPack

  6. Apply DRM_2.0.6.7_FixPack

  7. Apply DRM_2.0.6.8_FixPack

  8. Apply DRM_2.0.6.9_FixPack

IBM Data Risk Manager| 2.0.6.2|

|

  1. Apply DRM_2.0.6.3_FixPack

  2. Apply DRM_2.0.6.4_FixPack

  3. Apply DRM_2.0.6.5_FixPack

  4. Apply DRM_2.0.6.6_FixPack

  5. Apply DRM_2.0.6.7_FixPack

  6. Apply DRM_2.0.6.8_FixPack

  7. Apply DRM_2.0.6.9_FixPack

IBM Data Risk Manager| 2.0.6.3|

|

  1. Apply DRM_2.0.6.4_FixPack

  2. Apply DRM_2.0.6.5_FixPack

  3. Apply DRM_2.0.6.6_FixPack

  4. Apply DRM_2.0.6.7_FixPack

  5. Apply DRM_2.0.6.8_FixPack

  6. Apply DRM_2.0.6.9_FixPack

IBM Data Risk Manager| 2.0.6.4|

|

  1. Apply DRM_2.0.6.5_FixPack

  2. Apply DRM_2.0.6.6_FixPack

  3. Apply DRM_2.0.6.7_FixPack

  4. Apply DRM_2.0.6.8_FixPack

  5. Apply DRM_2.0.6.9_FixPack

IBM Data Risk Manager| 2.0.6.5|

|

  1. Apply DRM_2.0.6.6_FixPack

  2. Apply DRM_2.0.6.7_FixPack

  3. Apply DRM_2.0.6.8_FixPack

  4. Apply DRM_2.0.6.9_FixPack

IBM Data Risk Manager| 2.0.6.6|

|

  1. Apply DRM_2.0.6.7_FixPack

  2. Apply DRM_2.0.6.8_FixPack

  3. Apply DRM_2.0.6.9_FixPack

IBM Data Risk Manager| 2.0.6.7
|

|

  1. Apply DRM_2.0.6.8_FixPack

  2. Apply DRM_2.0.6.9_FixPack

IBM Data Risk Manager| 2.0.6.8
|

|

  1. Apply DRM_2.0.6.9_FixPack

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm data risk managereq2.0.6

Related

nessus 88
ibm 31
f5 1
kaspersky 1
suse 8
centos 3
redhat 20
oraclelinux 8
osv 12
rocky 2
almalinux 3
archlinux 4
amazon 3
fedora 4
debian 6
rosalinux 1
mageia 1
altlinux 2
freebsd 1
nessus
nessus
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0.2)
2022-09-01 00:00:00
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0.1.5)
2022-09-01 00:00:00
Oracle Java SE 1.7.0_311 / 1.8.0_301 / 1.11.0_12 / 1.16.0_2 Multiple Vulnerabilities (Unix July 2021 CPU)
2021-07-23 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
2021-09-13 11:17:27
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory Suite - July 2021 CPU
2022-02-08 19:39:24
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - July 2021 - Includes Oracle July 2021 CPU minus CVE-2021-2341 affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time
2021-10-30 14:41:35
f5
f5
K55354030 : OpenJDK vulnerabilities CVE-2021-2341, CVE-2021-2369, CVE-2021-2388, CVE-2021-2432
2022-08-22 00:00:00
kaspersky
kaspersky
KLA12237 Multiple vulnerabilities in Oracle Java SE
2021-07-20 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2021-08-21 00:00:00
Security update for tomcat (moderate)
2021-11-19 00:00:00
Security update for tomcat (moderate)
2021-11-16 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2021-08-31 21:19:47
java security update
2021-07-22 13:56:57
java security update
2021-08-11 16:31:46
redhat
redhat
(RHSA-2021:3327) Important: kernel security and bug fix update
2021-08-31 07:45:12
(RHSA-2021:2730) Important: kernel security and bug fix update
2021-07-20 13:11:57
(RHSA-2021:2733) Important: kernel security update
2021-07-20 13:10:47
oraclelinux
oraclelinux
kernel security and bug fix update
2021-08-31 00:00:00
java-11-openjdk security update
2021-07-22 00:00:00
java-1.8.0-openjdk security and bug fix update
2021-07-22 00:00:00
osv
osv
Important: java-11-openjdk security update
2021-07-21 07:28:55
openjdk-11 - security update
2021-07-29 00:00:00
Important: java-11-openjdk security update
2021-07-21 07:28:55
rocky
rocky
java-11-openjdk security update
2021-07-21 07:28:55
java-1.8.0-openjdk security update
2021-07-21 07:31:58
almalinux
almalinux
Important: java-1.8.0-openjdk security update
2021-07-21 07:31:58
Important: java-11-openjdk security update
2021-07-21 07:28:55
Important: postgresql:10 security update
2021-06-09 11:21:16
archlinux
archlinux
[ASA-202107-54] jre11-openjdk-headless: multiple issues
2021-07-21 00:00:00
[ASA-202107-53] jdk11-openjdk: multiple issues
2021-07-21 00:00:00
[ASA-202107-66] jre-openjdk: multiple issues
2021-07-22 00:00:00
amazon
amazon
Important: java-11-amazon-corretto
2021-07-21 00:43:00
Important: java-1.8.0-openjdk
2021-08-04 20:32:00
Important: java-1.8.0-openjdk
2021-09-02 22:54:00
fedora
fedora
[SECURITY] Fedora 34 Update: java-11-openjdk-11.0.12.0.7-0.fc34
2021-08-01 04:05:21
[SECURITY] Fedora 33 Update: java-11-openjdk-11.0.12.0.7-0.fc33
2021-08-01 04:05:00
[SECURITY] Fedora 33 Update: java-1.8.0-openjdk-1.8.0.302.b08-0.fc33
2021-08-01 04:05:00
debian
debian
[SECURITY] [DSA 4946-1] openjdk-11 security update
2021-07-29 18:44:34
[SECURITY] [DLA 2737-1] openjdk-8 security update
2021-08-09 19:27:32
[SECURITY] [DLA 2733-1] tomcat8 security update
2021-08-05 21:40:35
rosalinux
rosalinux
Advisory ROSA-SA-2023-2133
2023-03-21 12:31:42
mageia
mageia
Updated tomcat packages fix security vulnerability
2021-10-23 13:05:28
altlinux
altlinux
Security fix for the ALT Linux 8 package postgresql9.6 version 9.6.22-alt0.M80P.1
2021-06-04 00:00:00
Security fix for the ALT Linux 8 package postgresql10 version 10.17-alt0.M80P.1
2021-06-04 00:00:00
freebsd
freebsd
PostgreSQL server -- two security issues
2021-05-13 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.939 High

EPSS

Percentile

98.7%

JSON
Related for DFB2B8A17991C21AA572BC3D0FE7E4D2908FC84F553760CE8368AAFCE6C462AE
nessus88ibm31f51kaspersky1suse8centos3redhat20oraclelinux8osv12rocky2almalinux3archlinux4amazon3fedora4debian6rosalinux1mageia1altlinux2freebsd1