Security Bulletin: Addressing the Security vulnerability CVE-2021-37533 found in commons-net-1.4.1.jar

2023-08-30 11:08:58
www.ibm.com

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS: 0.003 Low
Percentile: 65.4%

Summary

IBM Tivoli Composite Application Manager (ITCAM) for Transactions - Transaction Tracking has addressed the following commons-net-1.4.1.jar vulnerability and updated commons-net-1.4.1.jar to version 3.9.0.

Vulnerability Details

**CVEID:** CVE-2021-37533
**DESCRIPTION:** Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by the FTP client trusting the host from the PASV response by default. By persuading a victim to connect to a specially crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private network, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241253 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
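
The check the description implies, as an added example (not IBM's or Apache Commons Net's code): parse the 227 PASV reply, take only the port from it, and open the data channel to the address the control connection already uses, flagging any mismatch. The function names and sample replies are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 passive-mode reply: "227 ... (h1,h2,h3,h4,p1,p2)"
_PASV_RE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv_reply(reply: str) -> tuple[str, int]:
    """Extract the advertised data-channel host and port from a 227 reply."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 passive-mode reply")
    match = _PASV_RE.search(reply)
    if match is None:
        raise ValueError("227 reply carries no (h1,h2,h3,h4,p1,p2) tuple")
    fields = [int(g) for g in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("address or port field out of range")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return host, port


def data_endpoint(reply: str, control_peer: str) -> tuple[str, int, bool]:
    """Return (host, port, overridden) for the data connection.

    The port comes from the reply; the host is always the address the
    control connection is already talking to. `overridden` is True when
    the server advertised a different host, which is worth logging.
    """
    advertised, port = parse_pasv_reply(reply)
    peer = ipaddress.ip_address(control_peer)
    overridden = ipaddress.ip_address(advertised) != peer
    return str(peer), port, overridden


# Constructed sample values (assumptions for this example, not from the bulletin).
CONTROL_PEER = "203.0.113.10"
HONEST_REPLY = "227 Entering Passive Mode (203,0,113,10,195,80)"
REDIRECTING_REPLY = "227 Entering Passive Mode (10,0,0,5,0,22)"

if __name__ == "__main__":
    for reply in (HONEST_REPLY, REDIRECTING_REPLY):
        host, port, overridden = data_endpoint(reply, CONTROL_PEER)
        note = "advertised host ignored" if overridden else "host matches"
        print(f"{reply!r} -> connect to {host}:{port} ({note})")
```

A reply whose advertised host differs from the control peer is the condition to alert on when reviewing FTP client logs.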

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| ITCAM for Transactions | 7.4.0.2 |

Remediation/Fixes

ITCAM for Transaction Tracking 7.4.0.2 IFix 22 - 7.4.0.2-TIV-CAMTT-IF0022

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm tivoli_composite_application_manager_for_wesbsphere, Match 7.4.0.2
