Oracle Business Intelligence Publisher 5.9.x < 5.9.0(OAS) (Oct 2022 CPU)

2022-10-20T00:00:00

Description

The versions of Oracle Business Intelligence Enterprise Edition (OAS) installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729) - Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Commons Configuration)). The supported version that is affected is 11.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. (CVE-2022-33980) - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web ADF Integration (Apache Commons Compress)). The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2021-36090) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "ORACLE_BI_PUBLISHER_OAS_5_9_CPU_OCT_2022.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Oracle Business Intelligence Publisher 5.9.x < 5.9.0(OAS) (Oct 2022 CPU)", "description": "The versions of Oracle Business Intelligence Enterprise Edition (OAS) installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.\n\n - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729)\n\n - Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component:\n Installation and Configuration (Apache Commons Configuration)). The supported version that is affected is 11.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. (CVE-2022-33980) \n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web ADF Integration (Apache Commons Compress)). The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2021-36090)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-10-20T00:00:00", "modified": "2022-12-30T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/166337", "reporter": "This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.oracle.com/docs/tech/security-alerts/cpuOct2022cvrf.xml", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21609", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729", "https://www.oracle.com/security-alerts/cpuOct2022.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33980"], "cvelist": ["CVE-2021-36090", "CVE-2022-21609", "CVE-2022-24729", "CVE-2022-33980"], "immutableFields": [], "lastseen": "2023-05-17T16:37:06", "viewCount": 10, "enchantments": {"score": {"value": 0.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "cnvd", "idList": ["CNVD-2022-21546"]}, {"type": "cve", "idList": ["CVE-2021-36090", "CVE-2022-21609", "CVE-2022-24729", "CVE-2022-33980"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5290-1:E8154"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-36090", "DEBIANCVE:CVE-2022-24729", "DEBIANCVE:CVE-2022-33980"]}, {"type": "drupal", "idList": ["DRUPAL-SA-CORE-2022-005"]}, {"type": "f5", "idList": ["F5:K08006936"]}, {"type": "fedora", "idList": ["FEDORA:0C9763072633", "FEDORA:3ACF7305E4DA"]}, {"type": "fortinet", "idList": ["FG-IR-22-399"]}, {"type": "github", "idList": ["GHSA-MC84-PJ99-Q6HH", "GHSA-XJ57-8QJ4-C4M6"]}, {"type": "githubexploit", "idList": ["06F61093-00F5-5EEB-B6FA-59F105962C41", "18F97794-03AA-5BD5-9DAA-663FB07BB6A0", "47D4A7AD-7A58-597F-8030-37CB4076FA2F", "6D13552B-CA74-5F84-BC21-EFC2BB59FB93"]}, {"type": "hivepro", "idList": ["HIVEPRO:B772F2F7B4C9AE8452D1197E2E240204"]}, {"type": "ibm", "idList": ["0104500632F30B669B6AB3386A2C032BE30309BC277B7F02194DA7DEBC57CE3F", "0665925DF5F067ECF5E297BA3C90127DB89591002C77E6A2724DF5A757C0156C", "0AFBC1D7F97C5C9E0F0CC49EE02F2CC41F95432701D1E857EC1AF635A6E339A4", "0CAF6866558AEA0CD272A5558C61C55CF713A20CB17AD693AE5231FAC8E07BE9", "0D5D9C62E3772E12A0A361D23CC8D2FE21F9AD572A09912E906D408ED2270FAA", "0E0E7B18D99C2EC8E29EE4877EE2BCDB492FE609EBADF3B5D9C1C38BABE89E03", "0E139C6B78E05C5FB31297130E7D8182F37C6EEE164FAB0E33CFAB3DCEE481D0", "10435D282B7850CEC2BF0C603FD80422C4D44BBAE142D5D668326E97EB3F47F8", "12365E079006AC201EC3CA279F0927477E9103C595244F01496633DFAC47BD20", "155D85DAFA07773C09E4F262173738C31F79066ACDB0B4C7D084305E837C9842", "16736BDC76D22C21547E48EFB8CDDC62FDD5AB41955327A05DD047CB18A3DEDC", "186B70A46AA8E0019EA1FA3AD7C84BE2123190D3E9ECBD8080B8E32748EE5D8E", "1CBB3850C5774C7EF01617A98C0603053597EB9E84A0DF64C201094FAB392754", "1F9BCC08A26A1E48717EBAEB101D492E62FDA8F2346CB6E7137C789B32C139DD", "22A3084E2002F23895BAE53AE66469749F21716FF3B8CF15A58E6BBC0C953322", "2494FA18EBA69E49E0C9B21340A86FBCE7BF93F9CB851C89E87B389A942B8EB4", "2616972DA8EE35A4DDF1914EC6AC5D9B251587AF1D48096158CD1BAACE7A8E2A", "2BE1B762E9F077419A696E0C1B88E2D3F236BE3549BFC2182468480E071BF032", "33D4121C24315EBC2149A61597C95EC5AA26609607D06600AA66FC2197320064", "34E92615DEA7EEB534443A478FE7324FF1E532020BDA914F779701A3E0067CAB", "3669E45D7FE2AA83192FF44FAA60FB349B5D39469F2B30F7D69463B2868B4908", "3F96A633CE7ED35C5DCB16407F6DA5B42A94D92B87D9F35134C90B90A6E664ED", "45A5CEFDC4D7BAF7DD3A35BE14090A435BBD4BEEFCC6A8B34291DE21F9BE02CD", "45F290647D7A4EBF1F245A22873DA3258113639A5595D4F08D5206EB9D79EBCF", "4836323F140F5C6D88883F2A098C5531EA1D0196B52BD5DA1D2D5BDAF8A68C4A", "4B7C6723D18E0DFA9F2B469E2F6D9E9E97BAC6728DDB3BA15F40ACE66F684EF5", "506E8C92E0B76D834A33E4AE02E5206A0ABF28570630F6E4A780D13A5238D647", "5C84EE90836D63B05BD8D61CDE089A39BB0BF0FC1D82D10897E9D6EDC4884684", "602CBF49196C4B5F53BF0E35529FFE589DC1AE573B22BF9B1F6824FA49254F13", "69A39D35FF9374902BEB26D9183E47ADA8A9F6E73B9981D10DC5E13E014BE244", "6DFE02E47206439339CF69003DED7C6A339BE8A9FDA6611EA300ACF64BDB9DD1", "7449E9578BBA31426909FB1226DE7837491164672101DB16E29F106CC21BD6AC", "75292E3923B26B0E2E5FF96584620DDCD8E3FA9B1B48381C5BCAA4B6590D82C7", "7A34C5EA3878227646136480AF345DCC5DF882B26F65D3380EC0064BCCA45485", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E748FB7D2BF3C8C9A65B6AC1E01AE1CF23A69785B2DCE748AB18C63395DC19E", "7FF67E7B52DAFF24211DBF2A070CA6F859E1B8F13FEC5BEDB6B3E4A7B2894505", "838686EA8660AF45865AC08A8AAF01B25ECE89F900D760F085C235BD477978AE", "870A1DEF76D41D926201E86F390F6EEB281F4C5156CDE1104587F141A47CBCD6", "87E69918E25D6751D3DFF28B93E0E32012AA2DB7FA1D0F74175CA8BE7330EFB7", "8F313894553377D79CE37F4DCC19E27AD4FD3271C08DF1AC992BCE68E81DC592", "8FB323EC50EB5CCD3380176BF2571DDA8C7739DBF4BC558C9B57458B912FEEF7", "900B686502E0C61F1BAA043F9387495F4C4AF282D993D0971AFB618978232651", "91791263F482BE4327CB96A074DA5FD8EB133EF9DA47BE41713B960DCA5C33B4", "9288347016C858F9180FED179D5369E3FF2B19EE08AE1ADC50DA0356CFED11FE", "947A21CD85DCAC08CA419CD2A544E44DEBD58BFAFD69C5FAEA15B04ADA1037E1", "9485C17C6737EACF77937D851901B067F4440B181E90652E1B22FC3F0E4AE5C0", "998E998A37AA40076F35ACE20C7E0016E44B1CC4EFB6AE26D0761C68B7C99657", "9E0785F08078A693830D9375FB362720BEF15FAEDDCF6AF11F7E847FC4F2B207", "A740554B49FF2C28448E8B6CAEB6B5186A59385D0F06901909CFF1DCA81D60FC", "AB24944DBEBE38F0BC5C45F998163889F0AE20E03F8A7A1E3E7A7BAC40D872C2", "ABBECC2CF1F809CE932B9130A6788B28E3F6228FC5599EA3FB4CD8372D7EA7C8", "B07B2DDB76A96BB8480E22188347E3C9EE42A03F24868518880519216E52F154", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B3795437971BBFF553B6A4E1067F15162BCF6961507ED86899C33084B3A1A74C", "B5B6C4769983441433B811EF3AAED6CFC993849D42BC924ECF1CCA5E34838148", "B62071204643E59AD31EF38C3F1DA735EF11A4D940DEE816C67BC98D03AE1325", "B7A13FB33FCF20165BBA366C8F6B69286BA3919797513F5D1D731C55600F3ADA", "B8CB582AD4C9B18B3C5CCBAB5234D749FD3D0D9E37A5EF38D599A964E5AE80A1", "B9F14FDA85553B1CFC437ADD80AE8D3308F5F7116C42963946938CBE5C5EA56F", "BAF43585A5ABFAA551BDE0DDB4AD7ECB0C42E21551DBFD52E1607957FAE4176A", "C880E056FA204218A84A61C31DFC839867B32C5A7A216BBFF825B8013A446E7F", "CC8B5EAED9F16E46FA900651589C00B568FED80DA1BF6B1F0CD9487C5E056E7C", "CDDC441D27E108C0C02A93DB9A7C32A887C12C059B5D2279EA48BF038E8D5170", "CF49D3C68973180FF18BD6C75A4B377A56810C21E28DDDFFBFD24EC340BB8DA8", "D15F96A6A2133C2CD625057126D31B71488849CB6D471551AF6177AE83F15B0E", "D217E46A21D57F6E2A2BF7B705F5AB42A912E70179C85B686B09E652D0CFD1B3", "D2F45C96EB49AFC2B652E7D45AA056C9A181453656E766BAD269586E7F2C3CFB", "DAD6E642502813DE6B9563D13D4513415BAE90E68BEF31D45DE8D7346CF0EF4B", "DC0307C89ADC9BDECEC60787C47BEC8B9B8EE78D2B6C0A47849682B1DA27D02F", "DF10251E3781DB89E977C04275F005CA31E770A1B5E3D3C3549F931A61FC1418", "DF191538C8CFADC9C4FBA779294B9A47AEEFD56EB05A6B7BA858EC03DB26B960", "DF989094B08F10BFBA2DA2F5ED5CF27B371F00C6520140A5C25FA34A1EEA15E3", "E04842499BA6DBF5423B1C2D99E7E204D6DCA991703C7EF467D56949F4429941", "E6CDADFC7E8DFE7568643BB3E70DE70E20B1F339E747013D400F4AF8B0D1C4CE", "E7E3551B3BD388636A37375B3F6439FA5E8D471B186B7E9F88305EC0A265E5D7", "EEE380D4251EC8087F70E591F9649F8F72DC3CEE1BB76652685094DC3531CA8D", "EFD4687D2DC8ADFBEC960932263D6DA222DDFA92899BC72A9B9D62B4331178A6", "EFEF2244E948829C5D18D7E375890D878EF65279FF91004B2295614B4406FAED", "F28901CFE45D1D428C63CC881FFA753E9073E21717B6E26FF45848C3370F2142", "F7232359E6413A274B62C22CB7BF1EF8C428ADFBF22EF7B9B913D63D087BCACB", "F89D3081DA6B5CB2F4FF097D956A1B15C95A11155B2977DE948E9FE8ECD15A28", "FAD5EEE9FD5547B3BC0F26582580EC66DC6193FFFF5B317ECA1DEDB5F001336A", "FC345CFDAF6B7A71B4BE4B7572967C23A04C41A497A855D10C71E09C23CF564F", "FE3ECC02D6131D037DB72CD71278183A707DC57C21C726BB8037F95488CB8384"]}, {"type": "mageia", "idList": ["MGASA-2022-0009"]}, {"type": "nessus", "idList": ["CLOUDBEES-SECURITY-ADVISORY-2022-11-15.NASL", "DEBIAN_DSA-5290.NASL", "DRUPAL_9_3_8.NASL", "FEDORA_2022-B61DFD219B.NASL", "IBM_COGNOS_6986505.NASL", "OPENSUSE-2021-1115.NASL", "OPENSUSE-2021-2612.NASL", "ORACLE_BI_PUBLISHER_OAS_6_4_CPU_OCT_2022.NASL", "ORACLE_BPM_CPU_JAN_2022.NASL", "ORACLE_GOLDENGATE_CPU_OCT_2022.NASL", "ORACLE_OBIEE_CPU_APR_2023.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2021.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_OCT_2021.NASL", "ORACLE_RDBMS_CPU_JUL_2022.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2022.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_OCT_2022.NASL", "ORACLE_WEBCENTER_SITES_CPU_OCT_2022.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2023.NASL", "REDHAT-RHSA-2022-5555.NASL", "ROCKY_LINUX_RLSA-2023-2097.NASL", "SUSE_SU-2021-2612-1.NASL", "WEB_APPLICATION_SCANNING_113204", "WEB_APPLICATION_SCANNING_113206"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022", "ORACLE:CPUAPR2023", "ORACLE:CPUJAN2022", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2021", "ORACLE:CPUOCT2022"]}, {"type": "osv", "idList": ["OSV:DSA-5290-1", "OSV:GHSA-MC84-PJ99-Q6HH", "OSV:GHSA-XJ57-8QJ4-C4M6"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:D1FC7658A8AB3554F3796CEE14DA3320"]}, {"type": "redhat", "idList": ["RHSA-2022:5532", "RHSA-2022:5555", "RHSA-2022:6916", "RHSA-2022:8652", "RHSA-2023:2097"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-36090", "RH:CVE-2022-33980"]}, {"type": "rocky", "idList": ["RLSA-2023:2097"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1115-1", "OPENSUSE-SU-2021:2612-1"]}, {"type": "thn", "idList": ["THN:CD02CBB44D60CC52E4B65C0B87E2163C"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-36090", "UB:CVE-2022-24729", "UB:CVE-2022-33980"]}, {"type": "veracode", "idList": ["VERACODE:31465", "VERACODE:34723", "VERACODE:36282"]}]}, "epss": [{"cve": "CVE-2021-36090", "epss": 0.00218, "percentile": 0.58281, "modified": "2023-05-01"}, {"cve": "CVE-2022-21609", "epss": 0.00047, "percentile": 0.14368, "modified": "2023-05-02"}, {"cve": "CVE-2022-24729", "epss": 0.00178, "percentile": 0.53528, "modified": "2023-05-02"}, {"cve": "CVE-2022-33980", "epss": 0.86301, "percentile": 0.98027, "modified": "2023-05-02"}], "vulnersScore": 0.8}, "_state": {"score": 1684341729, "dependencies": 1684372553, "epss": 0}, "_internal": {"score_hash": "8c00813dc93f9286574bb6bea1303bc0"}, "pluginID": "166337", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166337);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/30\");\n\n script_cve_id(\n \"CVE-2021-36090\",\n \"CVE-2022-21609\",\n \"CVE-2022-24729\",\n \"CVE-2022-33980\"\n );\n\n script_name(english:\"Oracle Business Intelligence Publisher 5.9.x < 5.9.0(OAS) (Oct 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of Oracle Business Intelligence Enterprise Edition (OAS) installed\non the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.\n\n - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter\n Sites (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter\n Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729)\n\n - Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component:\n Installation and Configuration (Apache Commons Configuration)). The supported version that is affected is\n 11.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to\n compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result\n in takeover of Oracle Hyperion Infrastructure Technology. (CVE-2022-33980)\n \n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware\n (component: Analytics Web ADF Integration (Apache Commons Compress)). The supported version that is\n affected is 5.9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access\n via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2021-36090)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuOct2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuOct2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the Oct 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33980\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_intelligence_publisher\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_bi_publisher_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Business Intelligence Publisher\");\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Business Intelligence Publisher');\n\nvar constraints = [\n # Oracle Analytics Server 5.9\n {'min_version': '12.2.5.9.0', 'fixed_version': '12.2.5.9.220926', 'patch': '34639555', 'bundle': '34690606'}\n];\n\nvcf::oracle_bi_publisher::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Misc.", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:business_intelligence_publisher"], "solution": "Apply the appropriate patch according to the Oct 2022 Oracle Critical Patch Update advisory.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2022-33980", "vendor_cvss2": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2022-10-18T00:00:00", "vulnerabilityPublicationDate": "2022-10-18T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-05-17T16:36:18", "description": "The versions of Oracle Business Intelligence Enterprise Edition (OAS) installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.\n\n - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729)\n\n - Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component:\n Installation and Configuration (Apache Commons Configuration)). The supported version that is affected is 11.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. (CVE-2022-33980)\n\n - jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. (CVE-2020-36518)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-20T00:00:00", "type": "nessus", "title": "Oracle Business Intelligence Publisher 5.9.x < 5.9.0 (OAS) (Oct 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36518", "CVE-2021-36518", "CVE-2022-24729", "CVE-2022-33980"], "modified": "2022-12-30T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:business_intelligence_publisher"], "id": "ORACLE_BI_PUBLISHER_OAS_6_4_CPU_OCT_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/166336", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166336);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/30\");\n\n script_cve_id(\"CVE-2021-36518\", \"CVE-2022-24729\", \"CVE-2022-33980\");\n\n script_name(english:\"Oracle Business Intelligence Publisher 5.9.x < 5.9.0 (OAS) (Oct 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of Oracle Business Intelligence Enterprise Edition (OAS) installed\non the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.\n\n - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter\n Sites (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter\n Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729)\n\n - Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component:\n Installation and Configuration (Apache Commons Configuration)). The supported version that is affected is\n 11.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to\n compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result\n in takeover of Oracle Hyperion Infrastructure Technology. (CVE-2022-33980)\n\n - jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large\n depth of nested objects. (CVE-2020-36518)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuOct2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuOct2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the Oct 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33980\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_intelligence_publisher\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_bi_publisher_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Business Intelligence Publisher\");\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Business Intelligence Publisher');\n\nvar constraints = [\n # Oracle Analytics Server 6.4\n {'min_version': '12.2.6.4.0', 'fixed_version': '12.2.6.4.220926', 'patch': '34624887', 'bundle': '34690622'}\n];\n\nvcf::oracle_bi_publisher::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-21T14:05:52", "description": "The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5290 advisory.\n\n - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns\n - resolve dns records - url - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. (CVE-2022-33980)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-28T00:00:00", "type": "nessus", "title": "Debian DSA-5290-1 : commons-configuration2 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-33980"], "modified": "2023-09-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcommons-configuration2-java", "p-cpe:/a:debian:debian_linux:libcommons-configuration2-java-doc", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5290.NASL", "href": "https://www.tenable.com/plugins/nessus/168228", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5290. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168228);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/20\");\n\n script_cve_id(\"CVE-2022-33980\");\n\n script_name(english:\"Debian DSA-5290-1 : commons-configuration2 - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5290\nadvisory.\n\n - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically\n evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used\n to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the\n interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances\n included interpolators that could result in arbitrary code execution or contact with remote servers. These\n lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns\n - resolve dns records - url - load values from urls, including from remote servers Applications using\n the interpolation defaults in the affected versions may be vulnerable to remote code execution or\n unintentional contact with remote servers if untrusted configuration values are used. Users are\n recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators\n by default. (CVE-2022-33980)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014960\");\n # https://security-tracker.debian.org/tracker/source-package/commons-configuration2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a8d47290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/commons-configuration2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the commons-configuration2 packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 2.8.0-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33980\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcommons-configuration2-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcommons-configuration2-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'libcommons-configuration2-java', 'reference': '2.8.0-1~deb11u1'},\n {'release': '11.0', 'prefix': 'libcommons-configuration2-java-doc', 'reference': '2.8.0-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libcommons-configuration2-java / libcommons-configuration2-java-doc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:39:25", "description": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (Apache Commons Compress)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0.\nEasily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-21T00:00:00", "type": "nessus", "title": "Oracle Business Process Management Suite (Jan 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36090"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:business_process_management_suite"], "id": "ORACLE_BPM_CPU_JAN_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/156931", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156931);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2021-36090\");\n script_xref(name:\"IAVA\", value:\"2022-A-0029\");\n\n script_name(english:\"Oracle Business Process Management Suite (Jan 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware\n(component: Installer (Apache Commons Compress)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0.\nEasily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle\nBusiness Process Management Suite. Successful attacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujan2022.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpujan2022cvrf.xml\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_process_management_suite\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_bpm_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Business Process Manager\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nvar app_info = vcf::get_app_info(app:'Oracle Business Process Manager');\n\nvar constraints = [\n { 'min_version':'12.2.1.3.0', 'fixed_version' : '12.2.1.3.211221' },\n { 'min_version':'12.2.1.4.0', 'fixed_version' : '12.2.1.4.211221' }\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:16", "description": "According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.15 or 9.3.x prior to 9.3.8. It is, therefore, affected by multiple vulnerabilities due to its usage of a third party component, CKEditor, for WYSIWYG editing:\n\n - A vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. (CVE-2022-24728)\n\n - A vulnerability has been discovered in CKEditor 4 dialog plugin. The vulnerability allowed to abuse a dialog input validator regular expression, which could cause a significant performance drop resulting in a browser tab freeze. (CVE-2022-24729)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-18T00:00:00", "type": "nessus", "title": "Drupal 9.3.x < 9.3.8 Third-Party Library Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24728", "CVE-2022-24729"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_113206", "href": "https://www.tenable.com/plugins/was/113206", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:29", "description": "According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.15 or 9.3.x prior to 9.3.8. It is, therefore, affected by multiple vulnerabilities.\n\n - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. (CVE-2022-24729)\n\n - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0.\n The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. (CVE-2022-24728)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-16T00:00:00", "type": "nessus", "title": "Drupal 9.2.x < 9.2.15 / 9.3.x < 9.3.8 Multiple Vulnerabilities (drupal-2022-03-16)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24728", "CVE-2022-24729"], "modified": "2022-08-09T00:00:00", "cpe": ["cpe:/a:drupal:drupal"], "id": "DRUPAL_9_3_8.NASL", "href": "https://www.tenable.com/plugins/nessus/158982", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158982);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/09\");\n\n script_cve_id(\"CVE-2022-24728\", \"CVE-2022-24729\");\n script_xref(name:\"IAVA\", value:\"2022-A-0123-S\");\n\n script_name(english:\"Drupal 9.2.x < 9.2.15 / 9.3.x < 9.3.8 Multiple Vulnerabilities (drupal-2022-03-16)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A PHP application running on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.15\nor 9.3.x prior to 9.3.8. It is, therefore, affected by multiple vulnerabilities.\n\n - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0\n contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input\n validator regular expression, which can cause a significant performance drop resulting in a browser tab\n freeze. A patch is available in version 4.18.0. There are currently no known workarounds. (CVE-2022-24729)\n\n - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered\n in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0.\n The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could\n result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently\n no known workarounds. (CVE-2022-24728)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/sa-core-2022-005\");\n # https://ckeditor.com/blog/ckeditor-4.18.0-browser-bugfix-and-security-patches/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?526d7751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/ckeditor/ckeditor4\");\n # https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?773fe8cd\");\n # https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?742ef187\");\n # https://www.drupal.org/docs/contributed-modules/webform/webform-libraries\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?63de4ace\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/project/drupal/releases/9.2.15\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/project/drupal/releases/9.3.8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/psa-2011-002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/psa-2021-06-29\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/steward\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Drupal version 9.2.15 / 9.3.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24728\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/16\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:drupal:drupal\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"drupal_detect.nasl\");\n script_require_keys(\"installed_sw/Drupal\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nvar port = get_http_port(default:80, php:TRUE);\n\nvar app_info = vcf::get_app_info(app:'Drupal', port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nvar constraints = [\n { 'min_version' : '9.2', 'fixed_version' : '9.2.15' },\n { 'min_version' : '9.3', 'fixed_version' : '9.3.8' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:18", "description": "According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.15 or 9.3.x prior to 9.3.8. It is, therefore, affected by multiple vulnerabilities due to its usage of a third party component, CKEditor, for WYSIWYG editing:\n\n - A vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. (CVE-2022-24728)\n\n - A vulnerability has been discovered in CKEditor 4 dialog plugin. The vulnerability allowed to abuse a dialog input validator regular expression, which could cause a significant performance drop resulting in a browser tab freeze. (CVE-2022-24729)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-18T00:00:00", "type": "nessus", "title": "Drupal 9.2.x < 9.2.15 Third-Party Library Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24728", "CVE-2022-24729"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_113204", "href": "https://www.tenable.com/plugins/was/113204", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:23", "description": "The 12.2.1.3.0 and 12.2.1.4.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.\n\n - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (dojo)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. (CVE-2021-23450)\n\n - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (XStream)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. (CVE-2021-43859)\n\n - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729)\n\n - CVE-2022-32532\tVulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (Apache Shiro)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. (CVE-2022-32532)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-21T00:00:00", "type": "nessus", "title": "Oracle WebCenter Sites (Oct 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23450", "CVE-2021-43859", "CVE-2022-24729", "CVE-2022-32532"], "modified": "2022-12-30T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:webcenter_sites"], "id": "ORACLE_WEBCENTER_SITES_CPU_OCT_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/166377", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166377);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/30\");\n\n script_cve_id(\n \"CVE-2021-23450\",\n \"CVE-2021-43859\",\n \"CVE-2022-24729\",\n \"CVE-2022-32532\"\n );\n\n script_name(english:\"Oracle WebCenter Sites (Oct 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The 12.2.1.3.0 and 12.2.1.4.0 versions of WebCenter Sites installed on the remote host are affected by multiple\nvulnerabilities as referenced in the October 2022 CPU advisory.\n\n - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Centralized Thirdparty \n Jars (dojo)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability \n allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful \n attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. (CVE-2021-23450)\n\n - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites \n (XStream)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability \n allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful \n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash \n (complete DOS) of Oracle WebCenter Sites. (CVE-2021-43859)\n\n - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites \n (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability \n allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful \n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash \n (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729)\n\n - CVE-2022-32532\tVulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: \n WebCenter Sites (Apache Shiro)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily \n exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle \n WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. \n (CVE-2022-32532)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuoct2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuoct2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2022 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32532\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:webcenter_sites\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_webcenter_sites_installed.nbin\", \"oracle_enum_products_win.nbin\");\n script_require_keys(\"SMB/WebCenter_Sites/Installed\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_oracle_webcenter_sites.inc');\n\nvar app_info = vcf::oracle_webcenter_sites::get_app_info();\n\nvar constraints = [\n { 'min_version' : '12.2.1.3.0', 'fixed_version' : '12.2.1.3.221017' },\n { 'min_version' : '12.2.1.4.0', 'fixed_version' : '12.2.1.4.221017' }\n];\n\nvcf::oracle_webcenter_sites::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T17:10:55", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b61dfd219b advisory.\n\n - CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41164)\n\n - CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41165)\n\n - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0.\n The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. (CVE-2022-24728)\n\n - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. (CVE-2022-24729)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-21T00:00:00", "type": "nessus", "title": "Fedora 36 : ckeditor (2022-b61dfd219b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41164", "CVE-2021-41165", "CVE-2022-24728", "CVE-2022-24729"], "modified": "2023-09-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "p-cpe:/a:fedoraproject:fedora:ckeditor"], "id": "FEDORA_2022-B61DFD219B.NASL", "href": "https://www.tenable.com/plugins/nessus/169023", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-b61dfd219b\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169023);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/12\");\n\n script_cve_id(\n \"CVE-2021-41164\",\n \"CVE-2021-41165\",\n \"CVE-2022-24728\",\n \"CVE-2022-24729\"\n );\n script_xref(name:\"FEDORA\", value:\"2022-b61dfd219b\");\n\n script_name(english:\"Fedora 36 : ckeditor (2022-b61dfd219b)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-b61dfd219b advisory.\n\n - CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered\n in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The\n vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in\n executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has\n been recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41164)\n\n - CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered\n in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability\n allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing\n JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been\n recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41165)\n\n - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered\n in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0.\n The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could\n result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently\n no known workarounds. (CVE-2022-24728)\n\n - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0\n contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input\n validator regular expression, which can cause a significant performance drop resulting in a browser tab\n freeze. A patch is available in version 4.18.0. There are currently no known workarounds. (CVE-2022-24729)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-b61dfd219b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ckeditor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24728\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ckeditor\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'ckeditor-4.20.0-1.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ckeditor');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:16", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2612-1 advisory.\n\n - When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. (CVE-2021-35515)\n\n - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. (CVE-2021-35516)\n\n - When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. (CVE-2021-35517)\n\n - When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. (CVE-2021-36090)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-06T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : apache-commons-compress (openSUSE-SU-2021:2612-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-08-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache-commons-compress", "p-cpe:/a:novell:opensuse:apache-commons-compress-javadoc", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2612.NASL", "href": "https://www.tenable.com/plugins/nessus/152256", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2612-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152256);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/06\");\n\n script_cve_id(\n \"CVE-2021-35515\",\n \"CVE-2021-35516\",\n \"CVE-2021-35517\",\n \"CVE-2021-36090\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : apache-commons-compress (openSUSE-SU-2021:2612-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2612-1 advisory.\n\n - When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an\n entry can result in an infinite loop. This could be used to mount a denial of service attack against\n services that use Compress' sevenz package. (CVE-2021-35515)\n\n - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that\n finally leads to an out of memory error even for very small inputs. This could be used to mount a denial\n of service attack against services that use Compress' sevenz package. (CVE-2021-35516)\n\n - When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory\n that finally leads to an out of memory error even for very small inputs. This could be used to mount a\n denial of service attack against services that use Compress' tar package. (CVE-2021-35517)\n\n - When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory\n that finally leads to an out of memory error even for very small inputs. This could be used to mount a\n denial of service attack against services that use Compress' zip package. (CVE-2021-36090)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188466\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XVOH7P2WI6SSS2OORQJBS45T5SKKO7BV/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0954235c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-35515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-35516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-35517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36090\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected apache-commons-compress and / or apache-commons-compress-javadoc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-compress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-compress-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'apache-commons-compress-1.21-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache-commons-compress-javadoc-1.21-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache-commons-compress / apache-commons-compress-javadoc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:32:35", "description": "The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2612-1 advisory.\n\n - When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. (CVE-2021-35515)\n\n - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. (CVE-2021-35516)\n\n - When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. (CVE-2021-35517)\n\n - When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. (CVE-2021-36090)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-06T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : apache-commons-compress (SUSE-SU-2021:2612-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache-commons-compress", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2612-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152248", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2612-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152248);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-35515\",\n \"CVE-2021-35516\",\n \"CVE-2021-35517\",\n \"CVE-2021-36090\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2612-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : apache-commons-compress (SUSE-SU-2021:2612-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2612-1 advisory.\n\n - When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an\n entry can result in an infinite loop. This could be used to mount a denial of service attack against\n services that use Compress' sevenz package. (CVE-2021-35515)\n\n - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that\n finally leads to an out of memory error even for very small inputs. This could be used to mount a denial\n of service attack against services that use Compress' sevenz package. (CVE-2021-35516)\n\n - When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory\n that finally leads to an out of memory error even for very small inputs. This could be used to mount a\n denial of service attack against services that use Compress' tar package. (CVE-2021-35517)\n\n - When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory\n that finally leads to an out of memory error even for very small inputs. This could be used to mount a\n denial of service attack against services that use Compress' zip package. (CVE-2021-36090)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-35515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-35516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-35517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36090\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009259.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e9595e4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected apache-commons-compress package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache-commons-compress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache-commons-compress-1.21-3.3.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'apache-commons-compress-1.21-3.3.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'apache-commons-compress-1.21-3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'apache-commons-compress-1.21-3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache-commons-compress');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:29", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1115-1 advisory.\n\n - When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. (CVE-2021-35515)\n\n - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. (CVE-2021-35516)\n\n - When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. (CVE-2021-35517)\n\n - When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. (CVE-2021-36090)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-11T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : apache-commons-compress (openSUSE-SU-2021:1115-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-08-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache-commons-compress", "p-cpe:/a:novell:opensuse:apache-commons-compress-javadoc", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1115.NASL", "href": "https://www.tenable.com/plugins/nessus/152463", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1115-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152463);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\n \"CVE-2021-35515\",\n \"CVE-2021-35516\",\n \"CVE-2021-35517\",\n \"CVE-2021-36090\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : apache-commons-compress (openSUSE-SU-2021:1115-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1115-1 advisory.\n\n - When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an\n entry can result in an infinite loop. This could be used to mount a denial of service attack against\n services that use Compress' sevenz package. (CVE-2021-35515)\n\n - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that\n finally leads to an out of memory error even for very small inputs. This could be used to mount a denial\n of service attack against services that use Compress' sevenz package. (CVE-2021-35516)\n\n - When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory\n that finally leads to an out of memory error even for very small inputs. This could be used to mount a\n denial of service attack against services that use Compress' tar package. (CVE-2021-35517)\n\n - When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory\n that finally leads to an out of memory error even for very small inputs. This could be used to mount a\n denial of service attack against services that use Compress' zip package. (CVE-2021-36090)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188466\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YA4IHX4VRW7LQHM7JIEPOCPE46TRW6MV/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ba5891e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-35515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-35516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-35517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36090\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected apache-commons-compress and / or apache-commons-compress-javadoc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-compress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-compress-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'apache-commons-compress-1.21-lp152.2.3.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache-commons-compress-javadoc-1.21-lp152.2.3.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache-commons-compress / apache-commons-compress-javadoc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:32", "description": "The version of Primavera Unifier installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory, including the following:\n\n - An easily exploitable vulnerability in the File Management component of Primavera Unifier that allows an unauthenticated, remote attacker to compromise availability. (CVE-2021-36090)\n\n - An easily exploitable vulnerability in the Platform, UI (Lodash) component of Primavera Unifier that allows a remote, high privileged attacker to compromise confidentiality, integrity, and availability.\n (CVE-2021-23337)\n\n - An easily exploitable vulnerability in the Platform (Apache Tika) component of Primavera unifier that allows an unauthenticated attacker to compromise availability. (CVE-2021-28657)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-20T00:00:00", "type": "nessus", "title": "Oracle Primavera Unifier (Oct 2021 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23337", "CVE-2021-28657", "CVE-2021-36090", "CVE-2021-36374"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:primavera_unifier"], "id": "ORACLE_PRIMAVERA_UNIFIER_CPU_OCT_2021.NASL", "href": "https://www.tenable.com/plugins/nessus/154262", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154262);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2021-23337\",\n \"CVE-2021-28657\",\n \"CVE-2021-36090\",\n \"CVE-2021-36374\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0480\");\n\n script_name(english:\"Oracle Primavera Unifier (Oct 2021 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Primavera Unifier installed on the remote host is affected by multiple vulnerabilities as referenced in\nthe October 2021 CPU advisory, including the following:\n\n - An easily exploitable vulnerability in the File Management component of Primavera Unifier that allows an\n unauthenticated, remote attacker to compromise availability. (CVE-2021-36090)\n\n - An easily exploitable vulnerability in the Platform, UI (Lodash) component of Primavera Unifier that\n allows a remote, high privileged attacker to compromise confidentiality, integrity, and availability.\n (CVE-2021-23337)\n\n - An easily exploitable vulnerability in the Platform (Apache Tika) component of Primavera unifier that\n allows an unauthenticated attacker to compromise availability. (CVE-2021-28657)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpuoct2021cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixPVA\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2021 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23337\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:primavera_unifier\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_primavera_unifier.nbin\");\n script_require_keys(\"installed_sw/Oracle Primavera Unifier\", \"www/weblogic\");\n script_require_ports(\"Services/www\", 8002);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:8002);\nget_kb_item_or_exit('www/weblogic/' + port + '/installed');\n\nvar app_info = vcf::get_app_info(app:'Oracle Primavera Unifier', port:port);\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nvar constraints = [\n { 'min_version' : '17.7', 'fixed_version' : '17.12.11.9' },\n { 'min_version' : '18.8', 'fixed_version' : '18.8.18.7' },\n { 'min_version' : '19.12', 'fixed_version' : '19.12.16' },\n { 'min_version' : '20.12', 'fixed_version' : '20.12.10' }\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:11", "description": "The version of Primavera Gateway installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory, including the following:\n\n - Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: SIM Integration (JDBC)). Supported versions that are affected are 14.1, 15.0 and 16.0.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Retail Store Inventory Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Store Inventory Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Retail Store Inventory Management. (CVE-2021-2351)\n\n - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: File Management (Apache Commons Compress)). Supported versions that are affected are 17.7-17.12, 18.8, 19.12 and 20.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. (CVE-2021-36090)\n\n - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component:\n Platform, UI (Lodash)). Supported versions that are affected are 17.7-17.12, 18.8, 19.12 and 20.12. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Unifier. (CVE-2021-23337)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-21T00:00:00", "type": "nessus", "title": "Oracle Primavera Gateway (Oct 2021 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23337", "CVE-2021-2351", "CVE-2021-29425", "CVE-2021-36090", "CVE-2021-36374"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:oracle:primavera_gateway"], "id": "ORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2021.NASL", "href": "https://www.tenable.com/plugins/nessus/154297", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154297);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2021-2351\",\n \"CVE-2021-23337\",\n \"CVE-2021-29425\",\n \"CVE-2021-36090\",\n \"CVE-2021-36374\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0480\");\n\n script_name(english:\"Oracle Primavera Gateway (Oct 2021 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Primavera Gateway installed on the remote host is affected by multiple vulnerabilities as referenced in\nthe October 2021 CPU advisory, including the following:\n\n - Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications\n (component: SIM Integration (JDBC)). Supported versions that are affected are 14.1, 15.0 and 16.0.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to\n compromise Oracle Retail Store Inventory Management. Successful attacks require human interaction from a\n person other than the attacker and while the vulnerability is in Oracle Retail Store Inventory Management,\n attacks may significantly impact additional products. Successful attacks of this vulnerability can result\n in takeover of Oracle Retail Store Inventory Management. (CVE-2021-2351)\n\n - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: File\n Management (Apache Commons Compress)). Supported versions that are affected are 17.7-17.12, 18.8, 19.12\n and 20.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP\n to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. (CVE-2021-36090)\n\n - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component:\n Platform, UI (Lodash)). Supported versions that are affected are 17.7-17.12, 18.8, 19.12 and 20.12. Easily\n exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise\n Primavera Unifier. (CVE-2021-23337)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpuoct2021cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuoct2021.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2021 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23337\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-2351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:primavera_gateway\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_primavera_gateway.nbin\");\n script_require_keys(\"installed_sw/Oracle Primavera Gateway\");\n script_require_ports(\"Services/www\", 8006);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nget_install_count(app_name:'Oracle Primavera Gateway', exit_if_zero:TRUE);\n\nvar port = get_http_port(default:8006);\n\nvar app_info = vcf::get_app_info(app:'Oracle Primavera Gateway', port:port);\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nvar constraints = [\n { 'min_version' : '17.12.0', 'max_version' : '17.12.11', 'fixed_display' : 'See vendor advisory' },\n { 'min_version' : '18.8.0', 'fixed_version': '18.8.13' },\n { 'min_version' : '19.12.0', 'fixed_version' : '19.12.12' },\n { 'min_version' : '20.12.0', 'fixed_version' : '20.12.7.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:18", "description": "The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the Oct 2022 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilites:\n\n - Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Framework (dojo)). The supported version that is affected is 3.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergence. (CVE-2021-23450)\n\n - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (jackson-databind)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. (CVE-2020-36518)\n\n - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Apache Santuario XML Security For Java)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Portal accessible data. (CVE-2021-40690)\n\nNote that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-20T00:00:00", "type": "nessus", "title": "Oracle WebCenter Portal Multiple Vulnerabilities (Oct 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36518", "CVE-2021-23450", "CVE-2021-40690", "CVE-2021-43859", "CVE-2022-23437", "CVE-2022-24729", "CVE-2022-24823", "CVE-2022-30126"], "modified": "2022-10-21T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:webcenter_portal"], "id": "ORACLE_WEBCENTER_PORTAL_CPU_OCT_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/166335", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166335);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/21\");\n\n script_cve_id(\n \"CVE-2020-36518\",\n \"CVE-2021-23450\",\n \"CVE-2021-40690\",\n \"CVE-2021-43859\",\n \"CVE-2022-23437\",\n \"CVE-2022-24729\",\n \"CVE-2022-24823\",\n \"CVE-2022-30126\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0431\");\n\n script_name(english:\"Oracle WebCenter Portal Multiple Vulnerabilities (Oct 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application server installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the Oct 2022\nCritical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilites:\n\n - Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: \n Framework (dojo)). The supported version that is affected is 3.0.3.0. Easily exploitable vulnerability allows \n unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful \n attacks of this vulnerability can result in takeover of Oracle Communications Convergence. (CVE-2021-23450)\n\n - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework \n (jackson-databind)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable \n vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. \n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently \n repeatable crash (complete DOS) of Oracle WebCenter Portal. (CVE-2020-36518)\n\n - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework \n (Apache Santuario XML Security For Java)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. \n Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle \n WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized access to critical data or \n complete access to all Oracle WebCenter Portal accessible data. (CVE-2021-40690)\n\nNote that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported \nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuoct2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuoct2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:webcenter_portal\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_webcenter_portal_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle WebCenter Portal\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle_webcenter_portal.inc');\n\nvar app_info = vcf::oracle_webcenter_portal::get_app_info();\n\nvar constraints = [\n {'min_version' : '12.2.1.3', 'fixed_version' : '12.2.1.3.220901'},\n {'min_version' : '12.2.1.4', 'fixed_version' : '12.2.1.4.220902'}\n];\n\nvcf::oracle_webcenter_portal::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T18:03:18", "description": "The versions of Oracle Business Intelligence Enterprise Edition (OBIEE) installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory.\n\n - A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. (CVE-2019-10172)\n\n - An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.\n (CVE-2020-28052)\n\n - The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0. (CVE-2021-23926)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-25T00:00:00", "type": "nessus", "title": "Oracle Business Intelligence Enterprise Edition (Apr 2023 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3720", "CVE-2019-10172", "CVE-2020-28052", "CVE-2021-23926", "CVE-2021-36090", "CVE-2022-34169", "CVE-2023-21910", "CVE-2023-21941"], "modified": "2023-07-21T00:00:00", "cpe": ["cpe:/a:oracle:business_intelligence"], "id": "ORACLE_OBIEE_CPU_APR_2023.NASL", "href": "https://www.tenable.com/plugins/nessus/174742", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174742);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/21\");\n\n script_cve_id(\n \"CVE-2019-10172\",\n \"CVE-2020-28052\",\n \"CVE-2021-23926\",\n \"CVE-2021-36090\",\n \"CVE-2022-34169\",\n \"CVE-2023-21910\",\n \"CVE-2023-21941\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Business Intelligence Enterprise Edition (Apr 2023 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of Oracle Business Intelligence Enterprise Edition (OBIEE) installed\non the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory.\n\n - A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity\n vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different\n classes. (CVE-2019-10172)\n\n - An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The\n OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing\n incorrect passwords to indicate they were matching with previously hashed ones that were different.\n (CVE-2020-28052)\n\n - The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user\n from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects\n XMLBeans up to and including v2.6.0. (CVE-2021-23926)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2023cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2023.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2023 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28052\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-23926\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_intelligence\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_business_intelligence_enterprise_edition_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Business Intelligence Enterprise Edition\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Business Intelligence Enterprise Edition');\n\nvar constraints = [\n {'min_version': '12.2.1.4.0', 'fixed_version': '12.2.1.4.230407', 'fixed_display': '12.2.1.4.230407 patch: 35268009'}\n];\n\nvcf::check_version_and_report(app_info: app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:47", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5555 advisory.\n\n - springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)\n\n - nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n - apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)\n\n - apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive (CVE-2021-35516)\n\n - apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-35517)\n\n - apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive (CVE-2021-36090)\n\n - nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n - spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)\n\n - semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding (CVE-2022-31051)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.1] (RHSA-2022:5555)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22096", "CVE-2021-33623", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-3807", "CVE-2022-22950", "CVE-2022-31051"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:apache-commons-compress", "p-cpe:/a:redhat:enterprise_linux:apache-commons-compress-javadoc", "p-cpe:/a:redhat:enterprise_linux:ovirt-dependencies", "p-cpe:/a:redhat:enterprise_linux:ovirt-web-ui"], "id": "REDHAT-RHSA-2022-5555.NASL", "href": "https://www.tenable.com/plugins/nessus/163260", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5555. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163260);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2021-3807\",\n \"CVE-2021-33623\",\n \"CVE-2021-35515\",\n \"CVE-2021-35516\",\n \"CVE-2021-35517\",\n \"CVE-2021-36090\",\n \"CVE-2022-22950\",\n \"CVE-2022-31051\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5555\");\n\n script_name(english:\"RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.1] (RHSA-2022:5555)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5555 advisory.\n\n - springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)\n\n - nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n - apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)\n\n - apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive\n (CVE-2021-35516)\n\n - apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive\n (CVE-2021-35517)\n\n - apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive\n (CVE-2021-36090)\n\n - nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n - spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)\n\n - semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri\n encoding (CVE-2022-31051)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-22096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-36090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2007557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2097414\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-31051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 200, 212, 400, 770, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-compress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-compress-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-dependencies\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-web-ui\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/debug',\n 'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/os',\n 'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'apache-commons-compress-1.21-1.2.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'apache-commons-compress-javadoc-1.21-1.2.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-dependencies-4.5.2-1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-web-ui-1.9.0-1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache-commons-compress / apache-commons-compress-javadoc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-24T19:34:02", "description": "The version of Oracle Business Intelligence Enterprise Edition (OAS) 6.4.0.0.0 and 7.0.0.0 installed on the remote host are affected by a vulnerability as referenced in the July 2023 CPU advisory. \n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.\n (CVE-2018-1282)\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (jackson-databind)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2022-33980)\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (CKEditor)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2023-28439)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-07-21T00:00:00", "type": "nessus", "title": "Oracle Business Intelligence Enterprise Edition (OAS) (July 2023 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1282", "CVE-2019-10086", "CVE-2019-17531", "CVE-2020-11988", "CVE-2021-33813", "CVE-2021-36090", "CVE-2021-37533", "CVE-2021-41183", "CVE-2021-41184", "CVE-2022-1471", "CVE-2022-24891", "CVE-2022-25647", "CVE-2022-29361", "CVE-2022-31777", "CVE-2022-33980", "CVE-2022-42003", "CVE-2022-46364", "CVE-2022-48285", "CVE-2023-1436", "CVE-2023-20861", "CVE-2023-22011", "CVE-2023-22013", "CVE-2023-22020", "CVE-2023-22021", "CVE-2023-22061", "CVE-2023-28439"], "modified": "2023-07-24T00:00:00", "cpe": ["cpe:/a:oracle:business_intelligence"], "id": "ORACLE_OBIEE_CPU_JUL_2023_OAS.NASL", "href": "https://www.tenable.com/plugins/nessus/178710", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(178710);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/24\");\n\n script_cve_id(\n \"CVE-2018-1282\",\n \"CVE-2019-10086\",\n \"CVE-2019-17531\",\n \"CVE-2020-11988\",\n \"CVE-2021-33813\",\n \"CVE-2021-36090\",\n \"CVE-2021-37533\",\n \"CVE-2021-41183\",\n \"CVE-2021-41184\",\n \"CVE-2022-1471\",\n \"CVE-2022-24891\",\n \"CVE-2022-25647\",\n \"CVE-2022-29361\",\n \"CVE-2022-31777\",\n \"CVE-2022-33980\",\n \"CVE-2022-42003\",\n \"CVE-2022-46364\",\n \"CVE-2022-48285\",\n \"CVE-2023-1436\",\n \"CVE-2023-20861\",\n \"CVE-2023-22011\",\n \"CVE-2023-22013\",\n \"CVE-2023-22020\",\n \"CVE-2023-22021\",\n \"CVE-2023-22061\",\n \"CVE-2023-28439\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Oracle Business Intelligence Enterprise Edition (OAS) (July 2023 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by an information disclosure vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Business Intelligence Enterprise Edition (OAS) 6.4.0.0.0 and 7.0.0.0 installed on the remote\nhost are affected by a vulnerability as referenced in the July 2023 CPU advisory. \n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics \n (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0, \n 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network \n access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of \n this vulnerability can result in unauthorized creation, deletion or modification access to critical data \n or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to \n critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.\n (CVE-2018-1282)\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics \n (component: Visual Analyzer (jackson-databind)). Supported versions that are affected are 6.4.0.0.0 and \n 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP \n to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability \n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of \n Oracle Business Intelligence Enterprise Edition. (CVE-2022-33980)\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics \n (component: Visual Analyzer (CKEditor)). Supported versions that are affected are 6.4.0.0.0 and \n 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP \n to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human \n interaction from a person other than the attacker and while the vulnerability is in Oracle Business \n Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). \n Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to \n some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read \n access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2023-28439)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpujul2023cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujul2023.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2023 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33980\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-46364\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_intelligence\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_analytics_server_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Analytics Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Analytics Server');\n\n# based on Oracle CPU data\nvar constraints = [\n {'min_version': '6.4.0.0.0', 'fixed_version': '6.4.0.0.230629', 'fixed_display': '6.4.0.0.230629 patch: 35551080'},\n {'min_version': '7.0.0.0.0', 'fixed_version': '7.0.0.0.230710', 'fixed_display': '7.0.0.0.230710 patch: 35584677'}\n];\n\nvcf::check_version_and_report(app_info: app_info, constraints:constraints, severity:SECURITY_HOLE);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:34", "description": "The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the April 2022 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities:\n\n - An XML external entity vulnerability in the bundled jackson-databind component which allows an unauthenticated attacker with network access via HTTP to access, create or delete all data accessible to Oracle WebCenter Portal. (CVE-2020-25649)\n\n - Denial of service vulnerabilities in the bundled Apache Tika, jsoup, Netty and Apache Commons Compress components which allow an unauthenticated attacker with network access via HTTP to cause a hang or frequently repeatable crash of the Oracle WebCenter Portal. (CVE-2020-28657, CVE-2021-36090, CVE-2021-37137, CVE-2021-37714)\n\n - A path traversal vulnerability in the bundled Apache Commons IO component which allows an unauthenticated attacker with network access via HTTP to read, update or delete a subset of data accessible to Oracle WebCenter Portal.\n (CVE-2021-29425)\n\n - A Denial of service vulnerability in the bundled Apache PDFBox component which allows an unauthenticated attacker with logon to the infrastructure where Oracle WebCenter Portal executes, with human interaction from another user to cause a hang or frequently repeatable crash of the Oracle WebCenter Portal. (CVE-2021-31912)\n\n - A cross-site scripting vulnerability in the bundled CKEditor component which allows a low privileged attacker with network access via HTTP, with human interaction from another user, to read, update or delete a subset of data accessible to Oracle WebCenter Portal. (CVE-2021-41165)\n\n - A remote code execution vulnerability in the bundled Apache Log4J component which allows a high privileged attacker with network access via HTTP to execute arbitrary code on the Oracle WebCenter Portal. (CVE-2021-44832)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-20T00:00:00", "type": "nessus", "title": "Oracle WebCenter Portal Multiple Vulnerabilities (Apr 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25649", "CVE-2020-28657", "CVE-2021-28657", "CVE-2021-29425", "CVE-2021-31812", "CVE-2021-31912", "CVE-2021-36090", "CVE-2021-37137", "CVE-2021-37714", "CVE-2021-41165", "CVE-2021-44832"], "modified": "2022-12-30T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:webcenter_portal"], "id": "ORACLE_WEBCENTER_PORTAL_CPU_APR_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/159954", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159954);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/30\");\n\n script_cve_id(\n \"CVE-2020-25649\",\n \"CVE-2021-28657\",\n \"CVE-2021-29425\",\n \"CVE-2021-31812\",\n \"CVE-2021-36090\",\n \"CVE-2021-37137\",\n \"CVE-2021-37714\",\n \"CVE-2021-41165\",\n \"CVE-2021-44832\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0171\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle WebCenter Portal Multiple Vulnerabilities (Apr 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application server installed on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the April 2022\nCritical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities:\n\n - An XML external entity vulnerability in the bundled jackson-databind component which allows an unauthenticated\n attacker with network access via HTTP to access, create or delete all data accessible to Oracle WebCenter\n Portal. (CVE-2020-25649)\n\n - Denial of service vulnerabilities in the bundled Apache Tika, jsoup, Netty and Apache Commons Compress components which\n allow an unauthenticated attacker with network access via HTTP to cause a hang or frequently repeatable crash\n of the Oracle WebCenter Portal. (CVE-2020-28657, CVE-2021-36090, CVE-2021-37137, CVE-2021-37714)\n\n - A path traversal vulnerability in the bundled Apache Commons IO component which allows an unauthenticated attacker\n with network access via HTTP to read, update or delete a subset of data accessible to Oracle WebCenter Portal.\n (CVE-2021-29425)\n\n - A Denial of service vulnerability in the bundled Apache PDFBox component which allows an unauthenticated attacker\n with logon to the infrastructure where Oracle WebCenter Portal executes, with human interaction from another user\n to cause a hang or frequently repeatable crash of the Oracle WebCenter Portal. (CVE-2021-31912)\n\n - A cross-site scripting vulnerability in the bundled CKEditor component which allows a low privileged attacker\n with network access via HTTP, with human interaction from another user, to read, update or delete a subset of\n data accessible to Oracle WebCenter Portal. (CVE-2021-41165)\n\n - A remote code execution vulnerability in the bundled Apache Log4J component which allows a high privileged\n attacker with network access via HTTP to execute arbitrary code on the Oracle WebCenter Portal. (CVE-2021-44832)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44832\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25649\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:webcenter_portal\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_webcenter_portal_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle WebCenter Portal\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_oracle_webcenter_portal.inc');\n\nvar app_info = vcf::oracle_webcenter_portal::get_app_info();\n\nvar constraints = [\n { 'min_version' : '12.2.1.3.0', 'fixed_version' : '12.2.1.3.220321' },\n { 'min_version' : '12.2.1.4.0', 'fixed_version' : '12.2.1.4.220314' }\n];\n\nvcf::oracle_webcenter_portal::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:24", "description": "The version of GoldenGate installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.\n\n - Vulnerability in Oracle GoldenGate (component: Oracle GoldenGate Microservices (Dell BSAFE Micro Edition Suite)). The supported version that is affected is 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. (CVE-2020-35169)\n\n - Vulnerability in the Oracle Goldengate product of Oracle GoldenGate (component: Stream Analytics (JinJava)). The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Goldengate. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Goldengate accessible data. (CVE-2018-18893)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "Oracle GoldenGate (Oct 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18893", "CVE-2020-29508", "CVE-2020-35163", "CVE-2020-35164", "CVE-2020-35166", "CVE-2020-35167", "CVE-2020-35168", "CVE-2020-35169", "CVE-2020-36518", "CVE-2021-36090", "CVE-2022-23437"], "modified": "2022-11-04T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:goldengate"], "id": "ORACLE_GOLDENGATE_CPU_OCT_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/166440", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166440);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/04\");\n\n script_cve_id(\n \"CVE-2018-18893\",\n \"CVE-2020-29508\",\n \"CVE-2020-35163\",\n \"CVE-2020-35164\",\n \"CVE-2020-35166\",\n \"CVE-2020-35167\",\n \"CVE-2020-35168\",\n \"CVE-2020-35169\",\n \"CVE-2020-36518\",\n \"CVE-2021-36090\",\n \"CVE-2022-23437\"\n );\n\n script_name(english:\"Oracle GoldenGate (Oct 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of GoldenGate installed on the remote host are affected by multiple vulnerabilities as referenced in the\nOctober 2022 CPU advisory.\n\n - Vulnerability in Oracle GoldenGate (component: Oracle GoldenGate Microservices (Dell BSAFE Micro Edition\n Suite)). The supported version that is affected is 19c. Easily exploitable vulnerability allows\n unauthenticated attacker with network access via HTTPS to compromise Oracle GoldenGate. Successful\n attacks of this vulnerability can result in takeover of Oracle GoldenGate. (CVE-2020-35169)\n\n - Vulnerability in the Oracle Goldengate product of Oracle GoldenGate (component: Stream Analytics\n (JinJava)). The supported version that is affected is 19c. Easily exploitable vulnerability allows low\n privileged attacker with network access via HTTP to compromise Oracle Goldengate. Successful attacks of\n this vulnerability can result in unauthorized read access to a subset of Oracle Goldengate accessible\n data. (CVE-2018-18893)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuoct2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuoct2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:goldengate\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_goldengate_installed.nbin\");\n script_require_keys(\"Oracle/GoldenGate/Installed\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\ninclude('debug.inc');\n\nvar app_info = vcf::oracle_goldengate::get_app_info();\n\nvar constraints = [\n {\n 'min_version' : '19.1',\n 'fixed_version' : '19.1.0.0.221018',\n 'fixed_display' : '19.1.0.0.221018 (34648537 / 34653308 / 34653311 / 34653323)'\n },\n {\n 'min_version' : '21.3',\n 'fixed_version' : '21.8.0.0.0',\n 'fixed_display' : '21.8.0.0.0 (34686059 / 34686071)'\n }\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:18", "description": "The 12.1.0.2, 19c, 21c, All Supported Versions, and None versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory.\n\n - Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server.\n For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. (CVE-2022-21510)\n\n - Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. (CVE-2022-21511)\n\n - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. (CVE-2022-21565)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-22T00:00:00", "type": "nessus", "title": "Oracle Oracle Database Server (Jul 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-29505", "CVE-2020-29506", "CVE-2020-29507", "CVE-2020-35167", "CVE-2020-35169", "CVE-2021-41184", "CVE-2021-45943", "CVE-2022-0839", "CVE-2022-21432", "CVE-2022-21510", "CVE-2022-21511", "CVE-2022-21565", "CVE-2022-24729", "CVE-2022-24891"], "modified": "2023-05-08T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_JUL_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/163408", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163408);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/08\");\n\n script_cve_id(\n \"CVE-2020-29505\",\n \"CVE-2020-29506\",\n \"CVE-2020-29507\",\n \"CVE-2020-35167\",\n \"CVE-2020-35169\",\n \"CVE-2021-41184\",\n \"CVE-2021-45943\",\n \"CVE-2022-0839\",\n \"CVE-2022-21432\",\n \"CVE-2022-21510\",\n \"CVE-2022-21511\",\n \"CVE-2022-21565\",\n \"CVE-2022-24729\",\n \"CVE-2022-24891\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0283\");\n\n script_name(english:\"Oracle Oracle Database Server (Jul 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The 12.1.0.2, 19c, 21c, All Supported Versions, and None versions of Oracle Database Server installed on the remote host\nare affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory.\n\n - Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server.\n For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged\n attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise\n Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the\n vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact\n additional products (scope change). Successful attacks of this vulnerability can result in takeover of\n Oracle Database - Enterprise Edition Sharding. (CVE-2022-21510)\n\n - Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For\n supported versions that are affected see note. Easily exploitable vulnerability allows high privileged\n attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle\n Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of\n Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. (CVE-2022-21511)\n\n - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are\n 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure\n privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability\n can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible\n data. (CVE-2022-21565)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpujul2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujul2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0839\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\n\nvar app_info = vcf::oracle_rdbms::get_app_info();\n\nvar constraints = [\n # RDBMS:\n {'min_version': '21.0', 'fixed_version': '21.7.0.0.220719', 'missing_patch':'34160444', 'os':'unix', 'component':'db'},\n {'min_version': '21.0', 'fixed_version': '21.7.0.0.220719', 'missing_patch':'34110698', 'os':'win', 'component':'db'},\n\n {'min_version': '19.0', 'fixed_version': '19.14.2.0.220719', 'missing_patch':'34110559', 'os':'unix', 'component':'db'},\n {'min_version': '19.0', 'fixed_version': '19.16.0.0.220719', 'missing_patch':'34110685', 'os':'win', 'component':'db'},\n {'min_version': '19.15', 'fixed_version': '19.15.1.0.220719', 'missing_patch':'34119532', 'os':'unix', 'component':'db'},\n {'min_version': '19.16', 'fixed_version': '19.16.0.0.220719', 'missing_patch':'34133642', 'os':'unix', 'component':'db'},\n\n {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.220719', 'missing_patch':'34057742, 34057733', 'os':'unix', 'component':'db'},\n {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.220719', 'missing_patch':'33883271', 'os':'win', 'component':'db'},\n\n # OJVM:\n {'min_version': '19.0', 'fixed_version': '19.16.0.0.220719', 'missing_patch':'34086870', 'os':'unix', 'component':'ojvm'},\n {'min_version': '19.0', 'fixed_version': '19.16.0.0.220719', 'missing_patch':'34086870', 'os':'win', 'component':'ojvm'},\n\n {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.220719', 'missing_patch':'34086863', 'os':'unix', 'component':'ojvm'},\n {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.220719', 'missing_patch':'34185253', 'os':'win', 'component':'ojvm'}\n];\n\nvcf::oracle_rdbms::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:47:18", "description": "The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including:\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.\n (CVE-2023-24998)\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (XStream)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2022-40152)\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Apache Commons Compress)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2021-36090)\n\n Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-19T00:00:00", "type": "nessus", "title": "Oracle WebLogic Server (Apr 2023 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25638", "CVE-2020-6950", "CVE-2021-22569", "CVE-2021-31684", "CVE-2021-36090", "CVE-2022-31160", "CVE-2022-40152", "CVE-2022-45685", "CVE-2023-21931", "CVE-2023-21956", "CVE-2023-21960", "CVE-2023-21964", "CVE-2023-21979", "CVE-2023-21996", "CVE-2023-24998"], "modified": "2023-04-20T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:weblogic_server"], "id": "ORACLE_WEBLOGIC_SERVER_CPU_APR_2023.NASL", "href": "https://www.tenable.com/plugins/nessus/174464", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174464);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\n \"CVE-2020-25638\",\n \"CVE-2020-6950\",\n \"CVE-2021-22569\",\n \"CVE-2021-31684\",\n \"CVE-2021-36090\",\n \"CVE-2022-31160\",\n \"CVE-2022-40152\",\n \"CVE-2022-45685\",\n \"CVE-2023-21931\",\n \"CVE-2023-21956\",\n \"CVE-2023-21960\",\n \"CVE-2023-21964\",\n \"CVE-2023-21979\",\n \"CVE-2023-21996\",\n \"CVE-2023-24998\"\n );\n\n script_name(english:\"Oracle WebLogic Server (Apr 2023 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application server installed on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2023\nCritical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including:\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console\n (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and\n 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP\n to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.\n (CVE-2023-24998)\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples\n (XStream)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic\n Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2022-40152)\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party\n (Apache Commons Compress)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise\n Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2021-36090)\n\n Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2023cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2023.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2023 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25638\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-21979\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:weblogic_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_weblogic_server_installed.nbin\", \"os_fingerprint.nasl\");\n script_require_keys(\"installed_sw/Oracle WebLogic Server\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\n\nvar app_info = vcf::oracle_weblogic::get_app_info();\n\nvar constraints = [\n { 'min_version' : '12.2.1.3.0', 'fixed_version' : '12.2.1.3.230402', 'fixed_display' : '35247514' }, # WLS Stack Patch Bundle\n { 'min_version' : '12.2.1.4.0', 'fixed_version' : '12.2.1.4.230328', 'fixed_display' : '35226999 or 35233446' },\n { 'min_version' : '14.1.1.0.0', 'fixed_version' : '14.1.1.0.230328', 'fixed_display' : '35227385 or 35233478' }\n];\n\nvcf::oracle_weblogic::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-04T17:18:10", "description": "The version of IBM Cognos Analytics installed on the remote host is 11.1.x prior to 11.1.7 Fix Pack 7 or 11.2.x prior to 11.2.4 FP1. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the xmlXIncludeDoProcess() function in xinclude.c. By sending a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. (CVE-2021-3518)\n\n - Node.js could allow a local attacker to gain elevated privileges on the system, caused by the DLL search order hijacking of providers.dll. By placing a specially crafted file, an attacker could exploit this vulnerability to escalate privileges. (CVE-2022-32223)\n\n - Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in inline.reflinkSearch. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. (CVE-2022-21681)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-12T00:00:00", "type": "nessus", "title": "IBM Cognos Analytics Multiple Vulnerabilities (6986505)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5237", "CVE-2021-22569", "CVE-2021-3516", "CVE-2021-3518", "CVE-2021-39036", "CVE-2022-21680", "CVE-2022-21681", "CVE-2022-24434", "CVE-2022-24728", "CVE-2022-24729", "CVE-2022-31129", "CVE-2022-3171", "CVE-2022-32212", "CVE-2022-32213", "CVE-2022-32214", "CVE-2022-32215", "CVE-2022-32223", "CVE-2022-34165", "CVE-2022-35255", "CVE-2022-35256", "CVE-2022-38900", "CVE-2022-39135", "CVE-2022-41881", "CVE-2022-43548", "CVE-2022-45061"], "modified": "2023-07-27T00:00:00", "cpe": ["cpe:/a:ibm:cognos_analytics"], "id": "IBM_COGNOS_6986505.NASL", "href": "https://www.tenable.com/plugins/nessus/175429", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175429);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/27\");\n\n script_cve_id(\n \"CVE-2015-5237\",\n \"CVE-2021-22569\",\n \"CVE-2021-3516\",\n \"CVE-2021-3518\",\n \"CVE-2021-39036\",\n \"CVE-2021-39036\",\n \"CVE-2022-21680\",\n \"CVE-2022-24434\",\n \"CVE-2022-24728\",\n \"CVE-2022-24729\",\n \"CVE-2022-31129\",\n \"CVE-2022-3171\",\n \"CVE-2022-32212\",\n \"CVE-2022-32213\",\n \"CVE-2022-32214\",\n \"CVE-2022-32215\",\n \"CVE-2022-32223\",\n \"CVE-2022-34165\",\n \"CVE-2022-35255\",\n \"CVE-2022-35256\",\n \"CVE-2022-38900\",\n \"CVE-2022-39135\",\n \"CVE-2022-41881\",\n \"CVE-2022-43548\",\n \"CVE-2022-45061\"\n );\n script_xref(name:\"IAVB\", value:\"2023-B-0032-S\");\n\n script_name(english:\"IBM Cognos Analytics Multiple Vulnerabilities (6986505)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM Cognos Analytics installed on the remote host is 11.1.x prior to 11.1.7 Fix Pack 7 or 11.2.x \nprior to 11.2.4 FP1. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free \n flaw in the xmlXIncludeDoProcess() function in xinclude.c. By sending a specially-crafted file, an attacker could \n exploit this vulnerability to execute arbitrary code on the system. (CVE-2021-3518)\n\n - Node.js could allow a local attacker to gain elevated privileges on the system, caused by the DLL search order \n hijacking of providers.dll. By placing a specially crafted file, an attacker could exploit this vulnerability \n to escalate privileges. (CVE-2022-32223)\n\n - Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service \n (ReDoS) flaw in inline.reflinkSearch. By sending a specially-crafted regex input, a remote attacker could exploit \n this vulnerability to cause a denial of service condition. (CVE-2022-21681)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/6986505\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM Cognos Analytics 11.1.7 FP7, 11.2.4 FP1, or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3518\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-39135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:cognos_analytics\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_cognos_analytics_web_detect.nbin\");\n script_require_keys(\"installed_sw/IBM Cognos Analytics\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar app = 'IBM Cognos Analytics';\n\nvar port = get_http_port(default:443);\n\nvar app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\n\n\nvar constraints = [\n { 'min_version':'11.1', 'max_version':'11.1.6', 'fixed_display':'11.1.7 FP7' },\n# Remote detection cannot determine fix pack\n { 'equal':'11.1.7', 'fixed_display':'11.1.7 FP7', 'require_paranoia':TRUE },\n { 'min_version':'11.2', 'fixed_version':'11.2.3', 'fixed_display':'11.2.4 FP1'},\n# Remote detection cannot determine fix pack\n { 'equal':'11.2.4', 'fixed_display':'11.2.4 FP1', 'require_paranoia':TRUE }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T08:16:02", "description": "According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities:\n\n - Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. (CVE-2022-45379)\n\n - Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. (CVE-2022-45380)\n\n - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns\n - resolve dns records - url - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. (CVE-2022-33980)\n\n - Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. (CVE-2022-45381)\n\n - Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names. (CVE-2022-45382)\n\n - An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission. (CVE-2022-45383)\n\n - Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. (CVE-2022-45384)\n\n - A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. (CVE-2022-45385)\n\n - Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. (CVE-2022-45392)\n\n - Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.\n (CVE-2022-45391)\n\n - Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. (CVE-2022-38666)\n\n - Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2022-45386)\n\n - Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. (CVE-2022-45387)\n\n - Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. (CVE-2022-45388)\n\n - A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. (CVE-2022-45389)\n\n - A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. (CVE-2022-45390)\n\n - A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. (CVE-2022-45393)\n\n - A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. (CVE-2022-45394)\n\n - Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2022-45395)\n\n - Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2022-45396)\n\n - Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2022-45397)\n\n - A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. (CVE-2022-45398)\n\n - A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. (CVE-2022-45399)\n\n - Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2022-45400)\n\n - Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n (CVE-2022-45401)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-08-04T00:00:00", "type": "nessus", "title": "Jenkins plugins Multiple Vulnerabilities (2022-11-15)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-33980", "CVE-2022-38666", "CVE-2022-45379", "CVE-2022-45380", "CVE-2022-45381", "CVE-2022-45382", "CVE-2022-45383", "CVE-2022-45384", "CVE-2022-45385", "CVE-2022-45386", "CVE-2022-45387", "CVE-2022-45388", "CVE-2022-45389", "CVE-2022-45390", "CVE-2022-45391", "CVE-2022-45392", "CVE-2022-45393", "CVE-2022-45394", "CVE-2022-45395", "CVE-2022-45396", "CVE-2022-45397", "CVE-2022-45398", "CVE-2022-45399", "CVE-2022-45400", "CVE-2022-45401"], "modified": "2023-08-07T00:00:00", "cpe": ["cpe:/a:cloudbees:jenkins", "cpe:/a:jenkins:jenkins"], "id": "JENKINS_SECURITY_ADVISORY_2022-11-15_PLUGINS.NASL", "href": "https://www.tenable.com/plugins/nessus/179362", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(179362);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/07\");\n\n script_cve_id(\n \"CVE-2022-33980\",\n \"CVE-2022-38666\",\n \"CVE-2022-45379\",\n \"CVE-2022-45380\",\n \"CVE-2022-45381\",\n \"CVE-2022-45382\",\n \"CVE-2022-45383\",\n \"CVE-2022-45384\",\n \"CVE-2022-45385\",\n \"CVE-2022-45386\",\n \"CVE-2022-45387\",\n \"CVE-2022-45388\",\n \"CVE-2022-45389\",\n \"CVE-2022-45390\",\n \"CVE-2022-45391\",\n \"CVE-2022-45392\",\n \"CVE-2022-45393\",\n \"CVE-2022-45394\",\n \"CVE-2022-45395\",\n \"CVE-2022-45396\",\n \"CVE-2022-45397\",\n \"CVE-2022-45398\",\n \"CVE-2022-45399\",\n \"CVE-2022-45400\",\n \"CVE-2022-45401\"\n );\n\n script_name(english:\"Jenkins plugins Multiple Vulnerabilities (2022-11-15)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on a remote web server host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are\naffected by multiple vulnerabilities:\n\n - Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the\n SHA-1 hash of the script, making it vulnerable to collision attacks. (CVE-2022-45379)\n\n - Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to\n clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability\n exploitable by attackers with Item/Configure permission. (CVE-2022-45380)\n\n - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically\n evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used\n to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the\n interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances\n included interpolators that could result in arbitrary code execution or contact with remote servers. These\n lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns\n - resolve dns records - url - load values from urls, including from remote servers Applications using\n the interpolation defaults in the affected versions may be vulnerable to remote code execution or\n unintentional contact with remote servers if untrusted configuration values are used. Users are\n recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators\n by default. (CVE-2022-33980)\n\n - Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix\n interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix\n interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the\n Jenkins controller file system. (CVE-2022-45381)\n\n - Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that\n were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability\n exploitable by attackers able to edit build display names. (CVE-2022-45382)\n\n - An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows\n attackers with Support/DownloadBundle permission to download a previously created support bundle\n containing information limited to users with Overall/Administer permission. (CVE-2022-45383)\n\n - Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the\n global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the\n Jenkins controller file system. (CVE-2022-45384)\n\n - A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier\n allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified\n repository. (CVE-2022-45385)\n\n - Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted\n in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read\n permission, or access to the Jenkins controller file system. (CVE-2022-45392)\n\n - Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally\n disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.\n (CVE-2022-45391)\n\n - Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables\n SSL/TLS certificate and hostname validation for several features. (CVE-2022-38666)\n\n - Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external\n entity (XXE) attacks. (CVE-2022-45386)\n\n - Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it\n on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. (CVE-2022-45387)\n\n - Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP\n endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins\n controller file system. (CVE-2022-45388)\n\n - A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to\n trigger builds of jobs corresponding to an attacker-specified repository. (CVE-2022-45389)\n\n - A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with\n Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. (CVE-2022-45390)\n\n - A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows\n attackers to delete build logs. (CVE-2022-45393)\n\n - A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read\n permission to delete build logs. (CVE-2022-45394)\n\n - Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE)\n attacks. (CVE-2022-45395)\n\n - Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external\n entity (XXE) attacks. (CVE-2022-45396)\n\n - Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to\n prevent XML external entity (XXE) attacks. (CVE-2022-45397)\n\n - A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier\n allows attackers to delete recorded Jenkins Cluster Statistics. (CVE-2022-45398)\n\n - A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to\n delete recorded Jenkins Cluster Statistics. (CVE-2022-45399)\n\n - Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity\n (XXE) attacks. (CVE-2022-45400)\n\n - Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in\n a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n (CVE-2022-45401)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jenkins.io/security/advisory/2022-11-15\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update Jenkins plugins to the following versions:\n - Associated Files Plugin: See vendor advisory\n - BART Plugin: See vendor advisory\n - CCCC Plugin: See vendor advisory\n - CloudBees Docker Hub/Registry Notification Plugin to version 2.6.2.1 or later\n - Cluster Statistics Plugin: See vendor advisory\n - Config Rotator Plugin: See vendor advisory\n - Delete log Plugin: See vendor advisory\n - JAPEX Plugin: See vendor advisory\n - JUnit Plugin to version 1160.vf1f01a_a_ea_b_7f or later\n - loader.io Plugin: See vendor advisory\n - Naginator Plugin to version 1.18.2 or later\n - NS-ND Integration Performance Publisher Plugin: See vendor advisory\n - OSF Builder Suite : : XML Linter Plugin: See vendor advisory\n - Pipeline Utility Steps Plugin to version 2.13.2 or later\n - Reverse Proxy Auth Plugin to version 1.7.4 or later\n - Script Security Plugin to version 1190.v65867a_a_47126 or later\n - SourceMonitor Plugin: See vendor advisory\n - Support Core Plugin to version 1206.1208.v9b_7a_1d48db_0f or later\n - Violations Plugin: See vendor advisory\n - XP-Dev Plugin: See vendor advisory\n\nSee vendor advisory for more details.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33980\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-45400\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cloudbees:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:jenkins:jenkins\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"jenkins_plugins_detect.nbin\", \"jenkins_win_installed.nbin\", \"jenkins_nix_installed.nbin\", \"macosx_jenkins_installed.nbin\");\n script_require_keys(\"installed_sw/Jenkins\");\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\nvar constraints = [\n {'max_version' : '0.2.1', 'fixed_display' : 'See vendor advisory', 'plugin' : 'Associated Files Plugin'},\n {'max_version' : '1.0.3', 'fixed_display' : 'See vendor advisory', 'plugin' : 'BART Plugin'},\n {'max_version' : '0.6', 'fixed_display' : 'See vendor advisory', 'plugin' : 'CCCC Plugin'},\n {'max_version' : '2.6.2', 'fixed_version' : '2.6.2.1', 'plugin' : 'CloudBees Docker Hub/Registry Notification Plugin'},\n {'max_version' : '0.4.6', 'fixed_display' : 'See vendor advisory', 'plugin' : 'Cluster Statistics Plugin'},\n {'max_version' : '2.0.1', 'fixed_display' : 'See vendor advisory', 'plugin' : 'Config Rotator Plugin'},\n {'max_version' : '1.0', 'fixed_display' : 'See vendor advisory', 'plugin' : 'Delete log Plugin'},\n {'max_version' : '1.7', 'fixed_display' : 'See vendor advisory', 'plugin' : 'JAPEX Plugin'},\n {'max_version' : '1159', 'fixed_version' : '1160', 'fixed_display' : '1160.vf1f01a_a_ea_b_7f', 'plugin' : 'JUnit Plugin'},\n {'max_version' : '1.0.1', 'fixed_display' : 'See vendor advisory', 'plugin' : 'loader.io Plugin'},\n {'max_version' : '1.18.1', 'fixed_version' : '1.18.2', 'plugin' : 'Naginator Plugin'},\n {'max_version' : '4.8.0.146', 'fixed_display' : 'See vendor advisory', 'plugin' : 'NS-ND Integration Performance Publisher Plugin'},\n {'max_version' : '1.0.2', 'fixed_display' : 'See vendor advisory', 'plugin' : 'OSF Builder Suite : : XML Linter Plugin'},\n {'max_version' : '2.13.1', 'fixed_version' : '2.13.2', 'plugin' : 'Pipeline Utility Steps Plugin'},\n {'max_version' : '1.7.3', 'fixed_version' : '1.7.4', 'plugin' : 'Reverse Proxy Auth Plugin'},\n {'max_version' : '1189', 'fixed_version' : '1190', 'fixed_display' : '1190.v65867a_a_47126', 'plugin' : 'Script Security Plugin'},\n {'max_version' : '0.2', 'fixed_display' : 'See vendor advisory', 'plugin' : 'SourceMonitor Plugin'},\n {'max_version' : '1206', 'fixed_version' : '1206.1208', 'fixed_display' : '1206.1208.v9b_7a_1d48db_0f', 'plugin' : 'Support Core Plugin'},\n {'max_version' : '0.7.11', 'fixed_display' : 'See vendor advisory', 'plugin' : 'Violations Plugin'},\n {'max_version' : '1.0', 'fixed_display' : 'See vendor advisory', 'plugin' : 'XP-Dev Plugin'}\n];\n\nvar app_info = vcf::jenkins::plugin::get_app_info(plugins:constraints);\n\nvcf::jenkins::plugin::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{'xsrf':TRUE, 'xss':TRUE}\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:13", "description": "The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.6 or 2.x prior to 2.361.3.4. It is, therefore, affected by multiple vulnerabilities including the following:\n\n - CVE-2022-38751 on snakeyaml (fixed train 2.346.x.0.z) (BEE-23728)\n\n - CVE-2022-38749 on snakeyaml (fixed train 2.346.x.0.z) (BEE-23729)\n\n - Remote code execution vulnerability in Pipeline Utility Steps Plugin (CVE-2022-33980)\n\n - SSL/TLS certificate validation unconditionally disabled by NS-ND Integration Performance Publisher Plugin (CVE-2022-38666)\n\n - Whole-script approval in Script Security Plugin vulnerable to SHA-1 collisions (CVE-2022-45379)\n\n - Stored XSS vulnerability in JUnit Plugin (CVE-2022-45380)\n\n - Arbitrary file read vulnerability in Pipeline Utility Steps Plugin (CVE-2022-45381)\n\n - Stored XSS vulnerability in Naginator Plugin (CVE-2022-45382)\n\n - Incorrect permission checks in Support Core Plugin (CVE-2022-45383)\n\n - Password stored in plain text by Reverse Proxy Auth Plugin (CVE-2022-45384)\n\n - Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin (CVE-2022-45385)\n\n - XXE vulnerability on agents in Violations Plugin (CVE-2022-45386)\n\n - Stored XSS vulnerability in BART Plugin (CVE-2022-45387)\n\n - Arbitrary file read vulnerability in Config Rotator Plugin (CVE-2022-45388)\n\n - Lack of authentication mechanism for webhook in XP-Dev Plugin (CVE-2022-45389)\n\n - Missing permission check in loader.io Plugin allows enumerating credentials IDs (CVE-2022-45390)\n\n - SSL/TLS certificate validation globally and unconditionally disabled by NS-ND Integration Performance Publisher Plugin (CVE-2022-45391)\n\n - Passwords stored in plain text by NS-ND Integration Performance Publisher Plugin (CVE-2022-45392)\n\n - CSRF vulnerability and missing permission check in Delete log Plugin (CVE-2022-45393, CVE-2022-45394)\n\n - XXE vulnerability on agents in CCCC Plugin (CVE-2022-45395)\n\n - XXE vulnerability on agents in SourceMonitor Plugin (CVE-2022-45396)\n\n - XXE vulnerability on agents in OSF Builder Suite :: XML Linter Plugin (CVE-2022-45397)\n\n - CSRF vulnerability and missing permission check in Cluster Statistics Plugin (CVE-2022-45398, CVE-2022-45399)\n\n - XXE vulnerability in JAPEX Plugin (CVE-2022-45400)\n\n - Stored XSS vulnerability in Associated Files Plugin (CVE-2022-45401)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.6 / 2.361.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-11-15)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-33980", "CVE-2022-38666", "CVE-2022-38749", "CVE-2022-38751", "CVE-2022-45379", "CVE-2022-45380", "CVE-2022-45381", "CVE-2022-45382", "CVE-2022-45383", "CVE-2022-45384", "CVE-2022-45385", "CVE-2022-45386", "CVE-2022-45387", "CVE-2022-45388", "CVE-2022-45389", "CVE-2022-45390", "CVE-2022-45391", "CVE-2022-45392", "CVE-2022-45393", "CVE-2022-45394", "CVE-2022-45395", "CVE-2022-45396", "CVE-2022-45397", "CVE-2022-45398", "CVE-2022-45399", "CVE-2022-45400", "CVE-2022-45401"], "modified": "2022-11-17T00:00:00", "cpe": ["cpe:/a:cloudbees:jenkins"], "id": "CLOUDBEES-SECURITY-ADVISORY-2022-11-15.NASL", "href": "https://www.tenable.com/plugins/nessus/167634", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167634);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/17\");\n\n script_cve_id(\n \"CVE-2022-33980\",\n \"CVE-2022-38666\",\n \"CVE-2022-45379\",\n \"CVE-2022-45380\",\n \"CVE-2022-45381\",\n \"CVE-2022-45382\",\n \"CVE-2022-45383\",\n \"CVE-2022-45384\",\n \"CVE-2022-45385\",\n \"CVE-2022-45386\",\n \"CVE-2022-45387\",\n \"CVE-2022-45388\",\n \"CVE-2022-45389\",\n \"CVE-2022-45390\",\n \"CVE-2022-45391\",\n \"CVE-2022-45392\",\n \"CVE-2022-45393\",\n \"CVE-2022-45394\",\n \"CVE-2022-45395\",\n \"CVE-2022-45396\",\n \"CVE-2022-45397\",\n \"CVE-2022-45398\",\n \"CVE-2022-45399\",\n \"CVE-2022-45400\",\n \"CVE-2022-45401\"\n );\n\n script_name(english:\"Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.6 / 2.361.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-11-15)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A job scheduling and management system hosted on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to\n2.346.40.0.6 or 2.x prior to 2.361.3.4. It is, therefore, affected by multiple vulnerabilities including the following:\n\n - CVE-2022-38751 on snakeyaml (fixed train 2.346.x.0.z) (BEE-23728)\n\n - CVE-2022-38749 on snakeyaml (fixed train 2.346.x.0.z) (BEE-23729)\n\n - Remote code execution vulnerability in Pipeline Utility Steps Plugin (CVE-2022-33980)\n\n - SSL/TLS certificate validation unconditionally disabled by NS-ND Integration Performance Publisher Plugin\n (CVE-2022-38666)\n\n - Whole-script approval in Script Security Plugin vulnerable to SHA-1 collisions (CVE-2022-45379)\n\n - Stored XSS vulnerability in JUnit Plugin (CVE-2022-45380)\n\n - Arbitrary file read vulnerability in Pipeline Utility Steps Plugin (CVE-2022-45381)\n\n - Stored XSS vulnerability in Naginator Plugin (CVE-2022-45382)\n\n - Incorrect permission checks in Support Core Plugin (CVE-2022-45383)\n\n - Password stored in plain text by Reverse Proxy Auth Plugin (CVE-2022-45384)\n\n - Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin\n (CVE-2022-45385)\n\n - XXE vulnerability on agents in Violations Plugin (CVE-2022-45386)\n\n - Stored XSS vulnerability in BART Plugin (CVE-2022-45387)\n\n - Arbitrary file read vulnerability in Config Rotator Plugin (CVE-2022-45388)\n\n - Lack of authentication mechanism for webhook in XP-Dev Plugin (CVE-2022-45389)\n\n - Missing permission check in loader.io Plugin allows enumerating credentials IDs (CVE-2022-45390)\n\n - SSL/TLS certificate validation globally and unconditionally disabled by NS-ND Integration Performance\n Publisher Plugin (CVE-2022-45391)\n\n - Passwords stored in plain text by NS-ND Integration Performance Publisher Plugin (CVE-2022-45392)\n\n - CSRF vulnerability and missing permission check in Delete log Plugin (CVE-2022-45393, CVE-2022-45394)\n\n - XXE vulnerability on agents in CCCC Plugin (CVE-2022-45395)\n\n - XXE vulnerability on agents in SourceMonitor Plugin (CVE-2022-45396)\n\n - XXE vulnerability on agents in OSF Builder Suite :: XML Linter Plugin (CVE-2022-45397)\n\n - CSRF vulnerability and missing permission check in Cluster Statistics Plugin (CVE-2022-45398,\n CVE-2022-45399)\n\n - XXE vulnerability in JAPEX Plugin (CVE-2022-45400)\n\n - Stored XSS vulnerability in Associated Files Plugin (CVE-2022-45401)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.cloudbees.com/security-advisories/cloudbees-security-advisory-2022-11-15\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9523d7d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Jenkins Enterprise or Jenkins Operations Center to version 2.346.40.0.6, 2.361.3.4 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33980\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cloudbees:jenkins\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"jenkins_detect.nasl\", \"jenkins_win_installed.nbin\", \"jenkins_nix_installed.nbin\", \"macosx_jenkins_installed.nbin\");\n script_require_keys(\"installed_sw/Jenkins\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'Jenkins');\n\nvar constraints = [\n {\n 'min_version' : '2.346',\n 'fixed_version' :'2.346.40.0.6',\n 'edition' : make_list('Enterprise', 'Operations Center')\n },\n {\n 'min_version' : '2',\n 'fixed_version' :'2.361.3.4',\n 'edition' : make_list('Enterprise', 'Operations Center'),\n 'rolling_train' : TRUE\n }\n];\n\nvcf::jenkins::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{'xsrf':TRUE, 'xss':TRUE}\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-07T18:27:02", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2097 advisory.\n\n - SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.\n Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond. (CVE-2022-1471)\n\n - An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. (CVE-2022-22577)\n\n - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. (CVE-2022-23514)\n\n - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1. (CVE-2022-23515)\n\n - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized. (CVE-2022-23516)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4. (CVE-2022-23517)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4. (CVE-2022-23518)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both math and style elements, or allow both svg and style elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include math or svg and style should either upgrade or use the following workaround immediately: Remove style from the overridden allowed tags, or remove math and svg from the overridden allowed tags. (CVE-2022-23519)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both select and style elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both select and style should either upgrade or use this workaround: Remove either select or style from the overridden allowed tags. NOTE: Code is\n _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize. (CVE-2022-23520)\n\n - The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. (CVE-2022-25857)\n\n - A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. (CVE-2022-27777)\n\n - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z`. (CVE-2022-31163)\n\n - A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE. (CVE-2022-32224)\n\n - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns\n - resolve dns records - url - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. (CVE-2022-33980)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. (CVE-2022-38749, CVE-2022-38750, CVE-2022-38751)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. (CVE-2022-38752)\n\n - In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. (CVE-2022-41323)\n\n - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.\n (CVE-2022-41946)\n\n - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 (CVE-2022-42003)\n\n - In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)\n\n - Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns - resolve dns records - url - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. (CVE-2022-42889)\n\n - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.\n (CVE-2023-23969)\n\n - An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of- service attack. (CVE-2023-24580)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-05T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : Satellite 6.13 Release (Important) (RLSA-2023:2097)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1471", "CVE-2022-22577", "CVE-2022-23514", "CVE-2022-23515", "CVE-2022-23516", "CVE-2022-23517", "CVE-2022-23518", "CVE-2022-23519", "CVE-2022-23520", "CVE-2022-25857", "CVE-2022-27777", "CVE-2022-31163", "CVE-2022-32209", "CVE-2022-32224", "CVE-2022-33980", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-41323", "CVE-2022-41946", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889", "CVE-2023-23969", "CVE-2023-24580"], "modified": "2023-05-05T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:libdb-cxx-debuginfo", "p-cpe:/a:rocky:linux:libdb-utils-debuginfo", "p-cpe:/a:rocky:linux:libdb-debuginfo", "p-cpe:/a:rocky:linux:libdb-debugsource", "p-cpe:/a:rocky:linux:libdb-sql-debuginfo", "p-cpe:/a:rocky:linux:libdb-cxx", "p-cpe:/a:rocky:linux:libdb-sql-devel-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2023-2097.NASL", "href": "https://www.tenable.com/plugins/nessus/175139", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2023:2097.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175139);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/05\");\n\n script_cve_id(\n \"CVE-2022-1471\",\n \"CVE-2022-22577\",\n \"CVE-2022-23514\",\n \"CVE-2022-23515\",\n \"CVE-2022-23516\",\n \"CVE-2022-23517\",\n \"CVE-2022-23518\",\n \"CVE-2022-23519\",\n \"CVE-2022-23520\",\n \"CVE-2022-25857\",\n \"CVE-2022-27777\",\n \"CVE-2022-31163\",\n \"CVE-2022-32224\",\n \"CVE-2022-33980\",\n \"CVE-2022-38749\",\n \"CVE-2022-38750\",\n \"CVE-2022-38751\",\n \"CVE-2022-38752\",\n \"CVE-2022-41323\",\n \"CVE-2022-41946\",\n \"CVE-2022-42003\",\n \"CVE-2022-42004\",\n \"CVE-2022-42889\",\n \"CVE-2023-23969\",\n \"CVE-2023-24580\"\n );\n script_xref(name:\"RLSA\", value:\"2023:2097\");\n\n script_name(english:\"Rocky Linux 8 : Satellite 6.13 Release (Important) (RLSA-2023:2097)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2023:2097 advisory.\n\n - SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.\n Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using\n SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend\n upgrading to version 2.0 and beyond. (CVE-2022-1471)\n\n - An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for\n non HTML like responses. (CVE-2022-22577)\n\n - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on\n top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to\n excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of\n service through CPU resource consumption. This issue is patched in version 2.19.1. (CVE-2022-23514)\n\n - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on\n top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml\n media type in data URIs. This issue is patched in version 2.19.1. (CVE-2022-23515)\n\n - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on\n top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it\n susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of\n service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to\n upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are\n sanitized. (CVE-2022-23516)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain\n configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible\n to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of\n service through CPU resource consumption. This issue has been patched in version 1.4.4. (CVE-2022-23517)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >=\n 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah\n >= 2.1.0. This issue is patched in version 1.4.4. (CVE-2022-23518)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version\n 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an\n attacker to inject content if the application developer has overridden the sanitizer's allowed tags in\n either of the following ways: allow both math and style elements, or allow both svg and style\n elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version\n 1.4.4. All users overriding the allowed tags to include math or svg and style should either upgrade\n or use the following workaround immediately: Remove style from the overridden allowed tags, or remove\n math and svg from the overridden allowed tags. (CVE-2022-23519)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version\n 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to\n an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the\n application developer has overridden the sanitizer's allowed tags to allow both select and style\n elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version\n 1.4.4. All users overriding the allowed tags to include both select and style should either upgrade or\n use this workaround: Remove either select or style from the overridden allowed tags. NOTE: Code is\n _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper\n method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize. (CVE-2022-23520)\n\n - The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due\n missing to nested depth limitation for collections. (CVE-2022-25857)\n\n - A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to\n inject content if able to control input into specific attributes. (CVE-2022-27777)\n\n - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using\n time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data\n source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are\n defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on\n demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers\n correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later,\n `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby\n process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions\n 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path\n if their name follows the rules for a valid time zone identifier and the file has a prefix of\n `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files\n are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated\n before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression\n `\\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z`. (CVE-2022-31163)\n\n - A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record <\n 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the\n database (via means like SQL injection), the ability to escalate to an RCE. (CVE-2022-32224)\n\n - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically\n evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used\n to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the\n interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances\n included interpolators that could result in arbitrary code execution or contact with remote servers. These\n lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns\n - resolve dns records - url - load values from urls, including from remote servers Applications using\n the interpolation defaults in the affected versions may be vulnerable to remote code execution or\n unintentional contact with remote servers if untrusted configuration values are used. Users are\n recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators\n by default. (CVE-2022-33980)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the\n parser is running on user supplied input, an attacker may supply content that causes the parser to crash\n by stackoverflow. (CVE-2022-38749, CVE-2022-38750, CVE-2022-38751)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the\n parser is running on user supplied input, an attacker may supply content that causes the parser to crash\n by stack-overflow. (CVE-2022-38752)\n\n - In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject\n to a potential denial of service attack via the locale parameter, which is treated as a regular\n expression. (CVE-2022-41323)\n\n - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either\n `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create\n a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable\n by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory\n is shared between all users on that system. Because of this, when files and directories are written into\n this directory they are, by default, readable by other users on that same system. This vulnerability does\n not allow other users to overwrite the contents of these directories or files. This is purely an\n information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7,\n this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this\n vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to\n patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a\n directory that is exclusively owned by the executing user will mitigate this vulnerability.\n (CVE-2022-41946)\n\n - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a\n check in primitive value deserializers to avoid deep wrapper array nesting, when the\n UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1\n (CVE-2022-42003)\n\n - In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in\n BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is\n vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)\n\n - Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and\n expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an\n instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with\n version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that\n could result in arbitrary code execution or contact with remote servers. These lookups are: - script -\n execute expressions using the JVM script execution engine (javax.script) - dns - resolve dns records -\n url - load values from urls, including from remote servers Applications using the interpolation defaults\n in the affected versions may be vulnerable to remote code execution or unintentional contact with remote\n servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons\n Text 1.10.0, which disables the problematic interpolators by default. (CVE-2022-42889)\n\n - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language\n headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service\n vector via excessive memory usage if the raw value of Accept-Language headers is very large.\n (CVE-2023-23969)\n\n - An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10,\n and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could\n result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-\n service attack. (CVE-2023-24580)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2023:2097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1225819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1266407\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1630294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1638226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1650468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1761012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1786358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1787456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1813274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1826648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1837767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1841534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1845489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1880947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1888667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1895976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1920810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1931027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1931533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1950468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1952529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1956210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1956985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1963266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1964037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1965871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1978683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1978995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1990790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1990875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1995097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1995470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1997186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1997199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2026151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2029402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2032040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2043600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2052904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2056402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2057314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2060099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2062526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2063999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2066323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2069438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2073847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2077363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2080296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2080302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2088156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2088529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2094912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2098079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2101708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2102078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2103936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2104247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2105067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2105441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2106475\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2106753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2108997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2109634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2110551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2111159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2115970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2116375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2118651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2119053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2119155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2119911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2120640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2121210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2121288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2122617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2123593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2123696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2123835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2123932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2124419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2124520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2125424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2125444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2126200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2126349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2126372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2126695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2126789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2126905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2127180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2127470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2127998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2128038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2128256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2128864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2128894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2129706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2129707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2129709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2129710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2129950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2130596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2130698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2131312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2131369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2131839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2132452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2133343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2133615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2134283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2134682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2135244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2135247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2135418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2135435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2136130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2137318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2137350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2137539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2138887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2139209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2139418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2139441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2139545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2140628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2140807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2141136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2141187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2141455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2141719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2141810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2142514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2142555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2143451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2143497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2143515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2143695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2144044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2147579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2148433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2148813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2149030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2149543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2149730\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2149893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2149896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2149990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2150009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2150261\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2150311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2150380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2152609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153262\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2154184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2154397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2154512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2154734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2155221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2155392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2155527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2155911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2156294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2156295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2156941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2157627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2157869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2158508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2158519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2158565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2158614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2158738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2159776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2159963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2159967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2159974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2161304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2161776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2162129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2162130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2162678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2162736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2163425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2163456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2163457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2163577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2163582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2163788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2164026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2164080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2164330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2164413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2164757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2164989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2165482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2165848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2165952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2167685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2169299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2169402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2169633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2169858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2169866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2170034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2171399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2172141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2172540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2172939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2173570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2173756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2174734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2174910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2175226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2180417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2184018\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33980\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-42889\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libdb-cxx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libdb-cxx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libdb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libdb-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libdb-sql-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libdb-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'libdb-cxx-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdb-cxx-debuginfo-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdb-debuginfo-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdb-debugsource-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdb-sql-debuginfo-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdb-sql-devel-debuginfo-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdb-utils-debuginfo-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libdb-cxx / libdb-cxx-debuginfo / libdb-debuginfo / libdb-debugsource / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-07-27T20:49:28", "description": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.\nCKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog`\nplugin. The vulnerability allows abuse of a dialog input validator regular\nexpression, which can cause a significant performance drop resulting in a\nbrowser tab freeze. A patch is available in version 4.18.0. There are\ncurrently no known workarounds.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | embedded copies of ckeditor are in ldap-account-manager, rt4, and rt5\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-16T00:00:00", "type": "ubuntucve", "title": "CVE-2022-24729", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24729"], "modified": "2022-03-16T00:00:00", "id": "UB:CVE-2022-24729", "href": "https://ubuntu.com/security/CVE-2022-24729", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-29T13:31:33", "description": "Apache Commons Configuration performs variable interpolation, allowing\nproperties to be dynamically evaluated and expanded. The standard format\nfor interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an\ninstance of org.apache.commons.configuration2.interpol.Lookup that performs\nthe interpolation. Starting with version 2.4 and continuing through 2.7,\nthe set of default Lookup instances included interpolators that could\nresult in arbitrary code execution or contact with remote servers. These\nlookups are: - \"script\" - execute expressions using the JVM script\nexecution engine (javax.script) - \"dns\" - resolve dns records - \"url\" -\nload values from urls, including from remote servers Applications using the\ninterpolation defaults in the affected versions may be vulnerable to remote\ncode execution or unintentional contact with remote servers if untrusted\nconfiguration values are used. Users are recommended to upgrade to Apache\nCommons Configuration 2.8.0, which disables the problematic interpolators\nby default.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014960>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-06T00:00:00", "type": "ubuntucve", "title": "CVE-2022-33980", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980"], "modified": "2022-07-06T00:00:00", "id": "UB:CVE-2022-33980", "href": "https://ubuntu.com/security/CVE-2022-33980", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-27T23:43:51", "description": "When reading a specially crafted ZIP archive, Compress can be made to\nallocate large amounts of memory that finally leads to an out of memory\nerror even for very small inputs. This could be used to mount a denial of\nservice attack against services that use Compress' zip package.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991041>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-13T00:00:00", "type": "ubuntucve", "title": "CVE-2021-36090", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36090"], "modified": "2021-07-13T00:00:00", "id": "UB:CVE-2021-36090", "href": "https://ubuntu.com/security/CVE-2021-36090", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-06-14T18:12:04", "description": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-16T17:15:00", "type": "debiancve", "title": "CVE-2022-24729", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24729"], "modified": "2022-03-16T17:15:00", "id": "DEBIANCVE:CVE-2022-24729", "href": "https://security-tracker.debian.org/tracker/CVE-2022-24729", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:10:06", "description": "Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-06T13:15:00", "type": "debiancve", "title": "CVE-2022-33980", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980"], "modified": "2022-07-06T13:15:00", "id": "DEBIANCVE:CVE-2022-33980", "href": "https://security-tracker.debian.org/tracker/CVE-2022-33980", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-24T10:10:11", "description": "When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-13T08:15:00", "type": "debiancve", "title": "CVE-2021-36090", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36090"], "modified": "2021-07-13T08:15:00", "id": "DEBIANCVE:CVE-2021-36090", "href": "https://security-tracker.debian.org/tracker/CVE-2021-36090", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cnvd": [{"lastseen": "2022-10-08T06:18:47", "description": "An authentication vulnerability exists in CKEditor4, an open source HTML editor, in the \"Dialog Box\" plug-in. The vulnerability allows misuse of the dialog input validator regular expression, which can cause significant performance degradation, leading to browser tab freezes. No details of the vulnerability are currently available.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-17T00:00:00", "type": "cnvd", "title": "CKEditor4 authentication vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24729"], "modified": "2022-03-22T00:00:00", "id": "CNVD-2022-21546", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-21546", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2023-06-03T17:43:21", "description": "## Summary\n\nApache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. [CVE-2022-33980]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Watson AIOps| 3.x \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests that you address the vulnerabilities now for all affected products/versions listed above by installing Fix: \n<https://www.ibm.com/docs/en/cloud-paks/cloud-pak-watson-aiops/3.4.2?topic=upgrading>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-19T15:41:35", "type": "ibm", "title": "Security Bulletin: Due to use of Apache Commons, IBM Cloud PAK for Watson AI Ops is vulnerable to remote code execution (CVE-2022-33980)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980"], "modified": "2022-09-19T15:41:35", "id": "7449E9578BBA31426909FB1226DE7837491164672101DB16E29F106CC21BD6AC", "href": "https://www.ibm.com/support/pages/node/6621311", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:41:13", "description": "## Summary\n\nVulnerability in Apache Commons Configuration could allow remote attacker to execute arbitrary code on the system. This has been fixed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nLog Analysis| 1.3.7.0 \nLog Analysis| 1.3.7.1 \nLog Analysis| 1.3.7.2 \n \n\n\n## Remediation/Fixes\n\nVersion| Fix details \n---|--- \nIBM Operations Analytics - Log Analysis version 1.3.7.0, 1.3.7.1, 1.3.7.2| Upgrade to Log Analysis version 1.3.7.2 Interim Fix 1. Download the [1.3.7.2-TIV-IOALA-IF001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Log+Analysis&release=1.3.7&platform=All&function=all> \"1.3.7.2-TIV-IOALA-IF001\" ). For Log Analysis prior to 1.3.7.2, [upgrade](<https://www.ibm.com/support/pages/node/1135125> \"upgrade\" ) to [1.3.7-TIV-IOALA-FP2](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Log+Analysis&release=1.3.7&platform=All&function=all> \"1.3.7-TIV-IOALA-FP2\" ) before installing this fix. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-18T03:08:22", "type": "ibm", "title": "Security Bulletin: Potential vulnerability in Apache Commons Configuration affect IBM Operations Analytics - Log Analysis (CVE-2022-33980)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980"], "modified": "2022-11-18T03:08:22", "id": "FC345CFDAF6B7A71B4BE4B7572967C23A04C41A497A855D10C71E09C23CF564F", "href": "https://www.ibm.com/support/pages/node/6840303", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:44:10", "description": "## Summary\n\nThere is a vulnerability in the version of Apache Commons Configuration that was included in IBM SPSS Analytic Server. This vulnerability has been addressed. [CVE-2022-33980]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM SPSS Analytic Server| 3.4 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by applying the following fixes.**\n\n**_Product_**| **_VRMF_**| **_Fixes _**** \n** \n---|---|--- \nIBM SPSS Analytic Server| 3.4.0.0| [3.4.0.0 - IFIX1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Analytic+Server&fixids=3.4.0.0_IF_ANLSVR-Linux8664-IF001&source=SAR> \"3.4.0.0 - IFIX\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T16:14:09", "type": "ibm", "title": "Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Analytic Server [CVE-2022-33980]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980"], "modified": "2022-09-06T16:14:09", "id": "9288347016C858F9180FED179D5369E3FF2B19EE08AE1ADC50DA0356CFED11FE", "href": "https://www.ibm.com/support/pages/node/6618337", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:44:09", "description": "## Summary\n\nIBM Sterling Connect:Direct for UNIX object storage file IO exits, and IBM Sterling Connect:Direct for UNIX components Install Agent and File Agent are vulnerable to remote code execution due to Apache Commons Configuration CVE-2022-33980. Apache Commons Configuration has been upgraded to version 2.8.0 in IBM Sterling Connect:Direct for UNIX Install Agent and File Agent, and removed from IBM Sterling Connect:Direct for UNIX object storage file IO exits.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct for UNIX| 6.2.0.0 - 6.2.0.4.iFix017 \nIBM Sterling Connect:Direct for UNIX| 6.1.0.0 - 6.1.0.4.iFix061 \nIBM Sterling Connect:Direct for UNIX| 6.0.0.0 - 6.0.0.2.iFix135 \nIBM Sterling Connect:Direct for UNIX| 4.3.0.0 - 4.3.0.1.iFix101 \n \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading \n\n**Product**| **Version**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Sterling Connect:Direct for UNIX| 6.2.0.0 - 6.2.0.4.iFix017| Apply 6.2.0.4.iFix018, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.2.0.4&platform=All&function=fixId&fixids=6.2.0.4*iFix018*&includeSupersedes=0>). \nIBM Sterling Connect:Direct for UNIX| 6.1.0.0 - 6.1.0.4.iFix061| Apply 6.1.0.4.iFix062, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.1.0.4&platform=All&function=fixId&fixids=6.1.0.4*iFix062*&includeSupersedes=0> \"Fix Central\" ). \nIBM Sterling Connect:Direct for UNIX| 6.0.0.0 - 6.0.0.2.iFix135| Apply 6.0.0.2.iFix136, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.0.0.2&platform=All&function=fixId&fixids=6.0.0.2*iFix136*&includeSupersedes=0> \"Fix Central\" ). \nIBM Sterling Connect:Direct for UNIX| 4.3.0.0 - 4.3.0.1.iFix101| Apply 4.3.0.1.iFix102, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=4.3.0.1&platform=All&function=fixId&fixids=4.3.0.1*iFix102*&includeSupersedes=0> \"Fix Central\" ). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T16:47:30", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980"], "modified": "2022-09-06T16:47:30", "id": "0104500632F30B669B6AB3386A2C032BE30309BC277B7F02194DA7DEBC57CE3F", "href": "https://www.ibm.com/support/pages/node/6618349", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:42:04", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Configuration.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.5.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.5.3 \n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T22:19:36", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Configuration (CVE-2022-33980)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980"], "modified": "2022-10-13T22:19:36", "id": "0CAF6866558AEA0CD272A5558C61C55CF713A20CB17AD693AE5231FAC8E07BE9", "href": "https://www.ibm.com/support/pages/node/6620905", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:44:43", "description": "## Summary\n\nThere is a vulnerability in the version of Apache Commons Configuration that was included in IBM SPSS Modeler. This vulnerability has been addressed. [CVE-2022-33980]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM SPSS Modeler| 18.4 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the following fixes. \n\n**_Product_**| ** _VRMF_**| ** _Fixes \n_** \n---|---|--- \nIBM SPSS Modeler| 18.4.0.0 | [18.4.0.0](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Modeler&release=18.4.0.0&platform=All&function=fixId&fixids=18.4.0.0-IM-S18MODELER-IF001&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp> \"18.4.0.0\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-15T02:13:22", "type": "ibm", "title": "Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Modeler [CVE-2022-33980]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980"], "modified": "2022-08-15T02:13:22", "id": "155D85DAFA07773C09E4F262173738C31F79066ACDB0B4C7D084305E837C9842", "href": "https://www.ibm.com/support/pages/node/6612483", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:44:45", "description": "## Summary\n\nThere is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE [CVE-2022-33980].\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct File Agent| 1.4.0.0 - 1.4.0.2_iFix026 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **APAR**| **Remediation / Fix** \n---|---|---|--- \nIBM Sterling Connect:Direct File Agent| 1.4.0.0 - 1.4.0.2_iFix026| [IT41451](<https://www.ibm.com/support/pages/apar/IT41451> \"IT41451\" )| Apply [1.4.0.2_iFix027](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+File+Agent&release=1.4.0.2&platform=All&function=aparId&apars=IT41451> \"1.4.0.2_iFix027\" ), available on IBM Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-11T08:32:59", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980"], "modified": "2022-08-11T08:32:59", "id": "602CBF49196C4B5F53BF0E35529FFE589DC1AE573B22BF9B1F6824FA49254F13", "href": "https://www.ibm.com/support/pages/node/6611961", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:43:24", "description": "## Summary\n\nApache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. IBM Sterling Control Center uses Apache Commons Configuration and the issue has been addressed. [CVE-2022-33980]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Control Center| 6.2.1.0 GA through to iFix07 \n \n\n\n## Remediation/Fixes\n\nProduct\n\n| \n\nVersion\n\n| \n\nFix / Remediation \n \n---|---|--- \n \nIBM Sterling Control Center\n\n| \n\n6.2.1.0 GA through to iFix07\n\n| \n\n6.2.1.0 iFix08 [Fix Central - 6.2.1.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.2.1.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-16T13:39:37", "type": "ibm", "title": "Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Configuration [CVE-2022-33980]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980"], "modified": "2022-09-16T13:39:37", "id": "2616972DA8EE35A4DDF1914EC6AC5D9B251587AF1D48096158CD1BAACE7A8E2A", "href": "https://www.ibm.com/support/pages/node/6620939", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:42:01", "description": "## Summary\n\nA vulnerability in Apache Commons Configuration used by IBM InfoSphere Information Server was addressed. [CVE-2022-33980]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server| 11.7 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud| 11.7| [DT143723](<https://www.ibm.com/mysupport/aCI3p000000PXH0> \"DT143723\" ) \n| \\--Apply InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/docview.wss?uid=ibm10878310> \"11.7.1.0\" ) \n\\--Apply InfoSphere Information Server version [11.7.1.4](<https://www.ibm.com/support/pages/node/6620275> \"11.7.1.4\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-14T22:43:34", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Commons Configuration affects IBM InfoSphere Information Server [CVE-2022-33980]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980"], "modified": "2022-10-14T22:43:34", "id": "947A21CD85DCAC08CA419CD2A544E44DEBD58BFAFD69C5FAEA15B04ADA1037E1", "href": "https://www.ibm.com/support/pages/node/6829367", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:44:41", "description": "## Summary\n\nThere is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE [CVE-2022-33980].\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| 4.8.0.0 - 4.8.0.3_iFix048 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.0.0.0 - 6.0.0.4_iFix055 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.1.0.0 - 6.1.0.2_iFix049 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.2.0.0 - 6.2.0.4_iFix012 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\n**Product(s)**\n\n| **Version(s)**| **APAR**| **Remediation / Fix** \n---|---|---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| 4.8.0.0 - 4.8.0.3_iFix048| [IT41533](<https://www.ibm.com/support/pages/apar/IT41533> \"IT41533\" )| Apply [4.8.0.3_iFix049](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=4.8.0.3&platform=All&function=aparId&apars=IT41533> \"4.8.0.3_iFix049\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| 6.0.0.0 - 6.0.0.4_iFix055| [IT41533](<https://www.ibm.com/support/pages/apar/IT41533> \"IT41533\" )| Apply [6.0.0.4_iFix056](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.0.0.4&platform=All&function=aparId&apars=IT41533> \"6.0.0.4_iFix056\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| 6.1.0.0 - 6.1.0.2_iFix049| [IT41533](<https://www.ibm.com/support/pages/apar/IT41533> \"IT41533\" )| Apply [6.1.0.2_iFix050](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.1.0.2&platform=All&function=aparId&apars=IT41533> \"6.1.0.2_iFix050\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| 6.2.0.0 - 6.2.0.4_iFix012| [IT41533](<https://www.ibm.com/support/pages/apar/IT41533> \"IT41533\" )| Apply [6.2.0.4_iFix013](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.2.0.4&platform=All&function=aparId&apars=IT41533> \"6.2.0.4_iFix013\" ), available on Fix Central \n \nFor unsupported versions IBM recommends upgrading to a fixed, supported version of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-16T09:11:54", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980"], "modified": "2022-08-16T09:11:54", "id": "1F9BCC08A26A1E48717EBAEB101D492E62FDA8F2346CB6E7137C789B32C139DD", "href": "https://www.ibm.com/support/pages/node/6612685", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T18:01:10", "description": "## Summary\n\nA ZIP processing vulnerability has been found in Apache Commons Compress. It affects IBM License Key Server Administration & Reporting Tool and its Agent. A mitigation has been released.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Common Licensing| Agent 9.0 \nIBM Common Licensing| ART 9.0 \n \n\n\n## Remediation/Fixes\n\nUpgrade to ART/Agent version 9.0 iFix 5. It can be downloaded from [Fix Central.](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Common+Licensing&release=9.0&platform=AIX&function=all> \"Fix Central.\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-08T04:32:13", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Commons Compress Library affects IBM LKS ART and Agent", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36090"], "modified": "2021-11-08T04:32:13", "id": "0D5D9C62E3772E12A0A361D23CC8D2FE21F9AD572A09912E906D408ED2270FAA", "href": "https://www.ibm.com/support/pages/node/6514411", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:00:46", "description": "## Summary\n\nA security vulnerability, related to Apache Commons Compress library, has been found in the IBM\u00ae WebSphere Application Server Liberty used by IBM LKS Administration and Reporting Tool and its Agent. A fix has been identified and is being published here.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Common Licensing| Agent 9.0 \nIBM Common Licensing| ART 9.0 \n \n\n\n## Remediation/Fixes\n\nUpgrade to the latest ART/Agent 9.0 iFix 5 from [Fix Central.](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Common+Licensing&release=9.0&platform=AIX&function=all> \"Fix Central.\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-29T05:53:49", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability in IBM\u00ae WebSphere Application Server Liberty affect IBM LKS Administration and Reporting Tool and its Agent", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36090"], "modified": "2021-11-29T05:53:49", "id": "0E139C6B78E05C5FB31297130E7D8182F37C6EEE164FAB0E33CFAB3DCEE481D0", "href": "https://www.ibm.com/support/pages/node/6519948", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:00:54", "description": "## Summary\n\nWhen reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Control Center| 6.2.0.0 \n \n\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**iFix**\n\n| \n\n**Remediation** \n \n---|---|---|--- \n \nIBM Sterling Control Center\n\n| \n\n6.2.0.0\n\n| \n\niFix11\n\n| \n\n[Fix Central - 6.2.0.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.2.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-16T19:37:34", "type": "ibm", "title": "Security Bulletin: Apache Commons Compress Denial of Service Vulnerability Affects IBM Sterling Control Center (CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36090"], "modified": "2021-11-16T19:37:34", "id": "EEE380D4251EC8087F70E591F9649F8F72DC3CEE1BB76652685094DC3531CA8D", "href": "https://www.ibm.com/support/pages/node/6516776", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:35:27", "description": "## Summary\n\nThere is a vulnerability in Apache Commons Compress that could allow a remote authenticated attacker to execute denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4, 1.12.0.3, 1.12.0.2, 1.12.0.1, 1.12.0.0 \n \n\n\n## Remediation/Fixes\n\n**Remediation/Fixes guidance**: \n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| \n\n1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4, 1.12.0.3, 1.12.0.2, 1.12.0.1, 1.12.0.0\n\n| \n\n**Upgrade to version 1.14.0.0** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"PassPortAdvantage\" ) \n \n2\\. Search for \n**M0BMPML** Process Mining 1.14.0.0 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M0BMQML** Process Mining 1.14.0.0 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\n**Workarounds/Mitigation guidance**: \n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-05T14:49:57", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Process Mining . CVE-2021-36090", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36090"], "modified": "2023-05-05T14:49:57", "id": "10435D282B7850CEC2BF0C603FD80422C4D44BBAE142D5D668326E97EB3F47F8", "href": "https://www.ibm.com/support/pages/node/6988557", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T17:41:06", "description": "## Summary\n\nApache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights [CVE-2022-42889, CVE-2022-33980]. Apache Commons Text and Apache Commons Configuration is used by IBM Operations Analytics Predictive Insight REST Mediation Service, part of data ingestion. The vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| 1.3.3 \nIBM Operations Analytics Predictive Insights| 1.3.5 \nIBM Operations Analytics Predictive Insights| 1.3.6 \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests applying 1.3.6 Interim Fix 6: \n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6> \"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-28T08:55:59", "type": "ibm", "title": "Security Bulletin: Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights [CVE-2022-42889, CVE-2022-33980]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980", "CVE-2022-42889"], "modified": "2022-11-28T08:55:59", "id": "FE3ECC02D6131D037DB72CD71278183A707DC57C21C726BB8037F95488CB8384", "href": "https://www.ibm.com/support/pages/node/6841785", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:39:07", "description": "## Summary\n\nIBM Cloud Pak for Multicloud Management has applied security fixes for its use of Apache Commons [CVE-2022-42889 and CVE-2022-33980]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Monitoring| 2.0 - 2.3 Fix Pack 5 \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests upgrading to IBM Cloud Pak for Multicloud Management 2.3 Fix Pack 6 by following the instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-01T11:04:10", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Apache Commons [CVE-2022-42889 and CVE-2022-33980]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980", "CVE-2022-42889"], "modified": "2023-02-01T11:04:10", "id": "D217E46A21D57F6E2A2BF7B705F5AB42A912E70179C85B686B09E652D0CFD1B3", "href": "https://www.ibm.com/support/pages/node/6909421", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T18:00:42", "description": "## Summary\n\nThere are multiple vulnerabilities in the Apache Commons Compress library that is used by WebSphere Application Server Liberty. IBM Match 360 v4.0.3 and prior, is also vulnerable given that it uses WebSphere Application Server Liberty.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n**DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n**DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Match 360 | All \n \n## Remediation/Fixes\n\nUpgrade/Install IBM Match 360 4.0.4 or higher.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-30T17:02:41", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server Liberty used by IBM Match 360", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-11-30T17:02:41", "id": "75292E3923B26B0E2E5FF96584620DDCD8E3FA9B1B48381C5BCAA4B6590D82C7", "href": "https://www.ibm.com/support/pages/node/6520436", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:59:27", "description": "## Summary\n\nMultiple vulnerabilities in IBM Websphere Application Server - Liberty could allow a remote attacker to exploit them to cause a denial of service condition against services that use Compress' zip package. IBM Performance Management has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud APM, Base Private| 8.1.4 \nIBM Cloud APM, Advanced Private| 8.1.4 \nIBM Cloud APM| 8.1.4 \n \n\n\n## Remediation/Fixes\n\nIBM Cloud Application Performance Management, Base Private \n \nIBM Cloud Application Performance Management, Advanced Private| 8.1.4| The vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0012 or later server patch to the system where the Cloud APM server is installed: <https://www.ibm.com/support/pages/node/6456351>\n\nThe vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0010 or later Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/pages/node/6520908> \n \n---|---|--- \n \nIBM Cloud Application Performance Management\n\n| \n\nN/A\n\n| \n\nThe vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0010 or later Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/pages/node/6520908> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-18T02:14:17", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Websphere Application Server affect the IBM Performance Management product", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-12-18T02:14:17", "id": "D15F96A6A2133C2CD625057126D31B71488849CB6D471551AF6177AE83F15B0E", "href": "https://www.ibm.com/support/pages/node/6528202", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:55:47", "description": "## Summary\n\nIBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of IBM Websphere Liberty. IBM Websphere Liberty is uses as a middleware server.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Monitoring| | | before 2.3 Fix Pack 4 \n---|--- \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Cloud Pak for Multicloud Management 2.3 Fix Pack 2 by following the instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-16T14:14:05", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of IBM Websphere Liberty (CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-03-16T14:14:05", "id": "DF10251E3781DB89E977C04275F005CA31E770A1B5E3D3C3549F931A61FC1418", "href": "https://www.ibm.com/support/pages/node/6563931", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:54:33", "description": "## Summary\n\nSecurity Vulnerabilities affect IBM Cloud Private - Apache Commons Compress\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.2 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.2\n\nFor IBM Cloud Private 3.2.1, apply fix pack:\n\n * [IBM Cloud Private 3.2.1.2203](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1.2203-build601095-48411&includeSupersedes=0> \"IBM Cloud Private 3.2.1.2203\" )\n\n \n\n\nFor IBM Cloud Private 3.2.2, apply fix pack:\n\n * [IBM Cloud Private 3.2.2.2203](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2203-build601096-48413&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2203\" )\n\n \nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-22T19:56:13", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Apache Commons Compress (CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-04-22T19:56:13", "id": "B7A13FB33FCF20165BBA366C8F6B69286BA3919797513F5D1D731C55600F3ADA", "href": "https://www.ibm.com/support/pages/node/6574487", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T17:50:46", "description": "## Summary\n\nMultiple Vulnerabilities have been identified in IBM Cloud Pak System. Cloud Pak System has addressed these vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-20479](<https://vulners.com/cve/CVE-2021-20479>) \n** DESCRIPTION: **IBM Cloud Pak System uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197498](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197498>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak System| V2.3.0 - V2.3.3.3 Interim Fix 1 \n \n## Remediation/Fixes\n\nFor unsupported version/release/platform IBM recommends upgrading to a fixed, supported version of the product.\n\nCloud Pak System uses weaker than expected cryptographic algorithms during negotiation, which could allow an attacker to decrypt sensitive information. TLS 1.0 and 1.1 is not disabled by default. Cloud Pak System v2.3.3.4 supports TLS1.2 and enables it by default.\n\nFor IBM Cloud Pak System V2.3.0 through to V2.3.3.3 Interim Fix 1 upgrade to V2.3.3.4 at [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/IBM+Cloud+Pak+System&release=2.3.3.3&platform=All&function=all>)\n\nInformation on upgrading at : <http://www.ibm.com/support/docview.wss?uid=ibm10887959>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-13T14:04:32", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities have been identified in IBM Cloud Pak System", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20479", "CVE-2021-36090"], "modified": "2022-05-13T14:04:32", "id": "34E92615DEA7EEB534443A478FE7324FF1E532020BDA914F779701A3E0067CAB", "href": "https://www.ibm.com/support/pages/node/6562263", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T17:55:54", "description": "## Summary\n\nDenial of service vulnerabilities in Apache Commons which affects IBM WebSphere Application Server Liberty can affect the IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Virtual Environments, and IBM Spectrum Protect for Space Management. UPDATED 14 March 2022 to clarify that these Liberty CVEs only affect IBM Spectrum Protect for Space Management due to its packaging of the Backup-Archive Web user interface. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Backup-Archive Client web user interface| 8.1.7.0-8.1.13.3 (Linux and Windows) \n8.1.9.0-8.1.13.3 (AIX) \nIBM Spectrum Protect for Virtual Environments: Data Protection for VMware| 8.1.0.0-8.1.13.3 \nIBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V| 8.1.4.0-8.1.13.3 \nIBM Spectrum Protect for Space Management - **See Note**| 8.1.7.0-8.1.13.3 (Linux) \n8.1.9.0-8.1.13.3 (AIX) \n \n \nNote: For IBM Spectrum Protect for Space Management, these Liberty issues (CVEs) only affect the Backup-Archive Web user interface which is included in the IBM Spectrum Protect for Space Management package.\n\n## Remediation/Fixes\n\n**_IBM Spectrum Protect Backup-Archive Client web user interface Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n8.1.9.0-8.1.13.3 (AIX) \n8.1.7.0-8.1.13.3 (Linux) \n8.1.7.0-8.1.13.3 (Windows) \n| 8.1.14| AIX \nLinux \nWindows| <https://www.ibm.com/support/pages/node/6561875> \n \n**_IBM Spectrum Protect for Virtual Environments: Data Protection for VMware Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n8.1.0.0-8.1.13.3| 8.1.14| Linux \nWindows| \n\n<https://www.ibm.com/support/pages/node/6552530> \n \n**_IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n8.1.4.0-8.1.13.3| 8.1.14| Windows| \n\n<https://www.ibm.com/support/pages/node/6552530> \n \n**_IBM Spectrum Protect for Space Management Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n8.1.9.0-8.1.13.3 (AIX) \n8.1.7.0-8.1.13.3 (Linux) \n| 8.1.14| AIX \nLinux| \n\n<https://www.ibm.com/support/pages/node/316077> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-14T21:48:00", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments, and IBM Spectrum Protect for Space Management (CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-03-14T21:48:00", "id": "B3795437971BBFF553B6A4E1067F15162BCF6961507ED86899C33084B3A1A74C", "href": "https://www.ibm.com/support/pages/node/6562383", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:00:46", "description": "## Summary\n\nThere are multiple vulnerabilities in the Apache Commons Compress library that is used by WebSphere Application Server Liberty. This has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nLog Analysis| 1.3.5.3 \nLog Analysis| 1.3.6.0 \nLog Analysis| 1.3.6.1 \nLog Analysis| 1.3.7.0 \nLog Analysis| 1.3.7.1 \n \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Fix details \n---|--- \nIBM Operations Analytics - Log Analysis version 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0 and 1.3.7.1| 1\\. For Log Analysis 1.3.5.3 to 1.3.7.0, upgrade the liberty version to [WebSphere Application Server Liberty 21.0.0.6](<https://www.ibm.com/support/pages/node/6452823> \"WebSphere Application Server Liberty 21.0.0.6\" ) (use wlp-core-all-21.0.0.6.jar) by following these [steps](<https://www.ibm.com/support/pages/node/6498029> \"steps\" ). \n2\\. Apply [interim fix](<https://www.ibm.com/support/pages/node/6489503> \"interim fix\" ) (use 21006-wlp-archive-IFPH39418) for the vulnerabilities using this [step](<https://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PH39418/21.0.0.6/readme.txt> \"step\" ). \n\nRef.: Security Bulletin: [Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty](<https://www.ibm.com/support/pages/node/6489683> \"Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty\" ) (CVE-2021-35517, CVE-2021-36090) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-29T11:06:24", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-11-29T11:06:24", "id": "DC0307C89ADC9BDECEC60787C47BEC8B9B8EE78D2B6C0A47849682B1DA27D02F", "href": "https://www.ibm.com/support/pages/node/6519974", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:01:40", "description": "## Summary\n\nThere are multiple vulnerabilities in Websphere that is used by Control Center.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Control Center| 6.1.3.0 \n \n\n\n## Remediation/Fixes\n\n**Product** \n| **VRMF** \n| **iFix** \n| **Remediation** \n \n---|---|---|--- \nIBM Control Center \n| 6.1.3.0 \n| iFix07 \n| [Fix Central - 6.1.3.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.1.3.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-14T21:10:00", "type": "ibm", "title": "Security Bulletin: Multiple Websphere Vulnerabilities Impact IBM Control Center (CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-10-14T21:10:00", "id": "0AFBC1D7F97C5C9E0F0CC49EE02F2CC41F95432701D1E857EC1AF635A6E339A4", "href": "https://www.ibm.com/support/pages/node/6501221", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:00:44", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Compress.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.0.2 \nWatson Discovery| 2.0.0-2.2.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.0.3 \n\nUpgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-5\n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-30T16:27:39", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Compress", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-11-30T16:27:39", "id": "16736BDC76D22C21547E48EFB8CDDC62FDD5AB41955327A05DD047CB18A3DEDC", "href": "https://www.ibm.com/support/pages/node/6516470", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:56:57", "description": "## Summary\n\nMultiple Vulnerabilities in Apache Commons Compress affect IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications (CVE-2021-33517, CVE-2021-36090)\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s) and Version(s)| Affecting Product(s) and Version(s) \n---|--- \n \nIBM Cloud Pak for Applications\n\n * v4.3.1\n| \n\nIBM WebSphere Application Server Liberty\n\n * 17.0.0.3 - 21.0.0.9 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the interim fix or Fix Pack containing APAR PH39418 for each named product as soon as practical. \n\n[Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty (CVE-2021-33517, CVE-2021-36090)](<https://www.ibm.com/support/pages/node/6489683>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-15T21:09:07", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications (CVE-2021-33517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33517", "CVE-2021-36090"], "modified": "2022-02-15T21:09:07", "id": "5C84EE90836D63B05BD8D61CDE089A39BB0BF0FC1D82D10897E9D6EDC4884684", "href": "https://www.ibm.com/support/pages/node/6556922", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:00:27", "description": "## Summary\n\nSecurity Vulnerabilities in WebSphere Liberty affect IBM Voice Gateway.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nVoice Gateway| 1.0.7 \nVoice Gateway| 1.0.7.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to the following IBM Voice Gateway 1.0.7.x images \n\nibmcom/voice-gateway-sms:1.0.7.3 \nibmcom/voice-gateway-so:1.0.7.11\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-10T22:56:24", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-12-10T22:56:24", "id": "F28901CFE45D1D428C63CC881FFA753E9073E21717B6E26FF45848C3370F2142", "href": "https://www.ibm.com/support/pages/node/6525516", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:48:22", "description": "## Summary\n\nWebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server (since 8.5.6), and User Management Service (since 18.0.0.1) in IBM Business Automation Workflow and IBM Business Process Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server Liberty have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| V21.0 \nV20.0 \nV19.0 \nV18.0 \nIBM Business Process Manager| V8.6 \nV8.5 \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n \n\n\n## Remediation/Fixes\n\nPlease consult the [Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty (CVE-2021-33517, CVE-2021-36090)](<https://www.ibm.com/support/pages/node/6489683> \"Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty \$CVE-2021-33517, CVE-2021-36090\$\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-14T15:28:14", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM Digital Business Automation Workflow family products (CVE-2021-33517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33517", "CVE-2021-36090"], "modified": "2022-09-14T15:28:14", "id": "45A5CEFDC4D7BAF7DD3A35BE14090A435BBD4BEEFCC6A8B34291DE21F9BE02CD", "href": "https://www.ibm.com/support/pages/node/6490277", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:52:03", "description": "## Summary\n\nWebSphere liberty is vulnerable to a DOS that is impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Knowledge Catalog on-prem| 3.5 \nIBM Watson Knowledge Catalog on-prem| 4.0 \n \n\n\n## Remediation/Fixes\n\nWatson Knowledge Catalog for IBM Cloud Pak for Data 4.0: install Refresh 4 of Cloud Pak for Data Version 4.0: <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=overview-whats-new#whats-new__refresh-4>\n\nWatson Knowledge Catalog for IBM Cloud Pak for Data 3.5.1: install Refresh 12 of Cloud Pak for Data Version 3.5: <https://www.ibm.com/docs/en/cloud-paks/cp-data/3.5.0?topic=overview-whats-new#whats-new__refresh-12>\n\n## Workarounds and Mitigations\n\nNone. WebSphere Liberty must be upgraded.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-22T17:20:36", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-06-22T17:20:36", "id": "186B70A46AA8E0019EA1FA3AD7C84BE2123190D3E9ECBD8080B8E32748EE5D8E", "href": "https://www.ibm.com/support/pages/node/6597611", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:00:13", "description": "## Summary\n\nNovalink uses WebSphere Application Server Liberty. There is an Apache Commons Compress affect vulnerability. This has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNovaLink| 1.0.0.16 \nNovalink| 2.0.0.0 \nNovalink| 2.0.1 \nNovalink| 2.0.2 \n \n\n\n## Remediation/Fixes\n\nFor Novalink 1.0.0.16 update to 1.0.0.16-211129 or later. \n\nFor Novalink 2.0.0.0, 2.0.1, 2.0.2 or 2.0.2.1 to 2.0.1-211202 or 2.0.2.1-211125 respectively.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-13T10:01:39", "type": "ibm", "title": "Security Bulletin: Novalink is impacted by Vulnerabilities in Apache Commons Compress affect WebSphere Application Server (CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-12-13T10:01:39", "id": "9E0785F08078A693830D9375FB362720BEF15FAEDDCF6AF11F7E847FC4F2B207", "href": "https://www.ibm.com/support/pages/node/6525756", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:56:03", "description": "## Summary\n\nIBM Virtualization Engine TS7700 is vulnerable to two potential denial of service conditions due to WebSphere Application Server Liberty. IBM Virtualization Engine TS7700 has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAll versions of microcode for the IBM Virtualization Engine TS7700 (3957-VEC and 3957-VED) prior to and including the following are affected:\n\n**Machine Type**| **Model**| **Release**| **Version** \n---|---|---|--- \n3957| VEC| R5.0| 8.50.2.6 \nR5.1| 8.51.1.26 \nR5.2 Phase 1| 8.52.100.32 \nVED| R5.0| 8.50.2.6 \nR5.1| 8.51.1.26 \nR5.2 Phase 1| 8.52.100.32 \n \nLater microcode versions are not affected by the vulnerabilities reported in this Security Bulletin.\n\n## Remediation/Fixes\n\nVisit <https://tape.ibmrcl.enterpriseappointments.com/v2/> or contact IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of the appropriate code-specific VTD_EXEC (384 or 900 or 901) as needed. Affected microcode versions are shown below:\n\n**Machine Type**| **Model**| **Release**| **Fix** \n---|---|---|--- \n3957| VEC| R5.0| Upgrade to 8.50.2.6 + VTD_EXEC.384 \nR5.1| Upgrade to 8.51.1.26 + VTD_EXEC.900 \n\\- OR - \nUpgrade to 8.51.2.12 \nR5.2 Phase 1| Upgrade to 8.52.100.32 + VTD_EXEC.901 \nR5.2 Phase 2| Upgrade to 8.52.200.109 \nVED| R5.0| Upgrade to 8.50.2.6 + VTD_EXEC.384 \nR5.1| Upgrade to 8.51.1.26 + VTD_EXEC.900 \n\\- OR - \nUpgrade to 8.51.2.12 \nR5.2 Phase 1| Upgrade to 8.52.100.32 + VTD_EXEC.901 \nR5.2 Phase 2| Upgrade to 8.52.200.109 \n \nThe minimum VTD_EXEC versions are shown below:\n\n**VTD_EXEC Package**| **Version** \n---|--- \nVTD_EXEC.384| v1.01 \nVTD_EXEC.900| v1.05 \nVTD_EXEC.901| v1.03 \n \n## Workarounds and Mitigations\n\nAlthough IBM recommends that you upgrade to the fixes identified above, you can mitigate, but not eliminate the risk of these vulnerabilities by restricting physical and network access to the TS7700 to authorized users and IBM Service Personnel only.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-07T19:40:28", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server Liberty affect IBM Virtualization Engine TS7700 (CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-03-07T19:40:28", "id": "DAD6E642502813DE6B9563D13D4513415BAE90E68BEF31D45DE8D7346CF0EF4B", "href": "https://www.ibm.com/support/pages/node/6524972", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:59:33", "description": "## Summary\n\nThere are vulnerabilities in Apache Commons Compress library that is used by IBM License Metric Tool.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM License Metric Tool| All \n \n \n \n\n\n## Remediation/Fixes\n\nUpgrade to version 9.2.26 or later using the following procedure:\n\nIn BigFix console, expand IBM License Reporting (ILMT) node under Sites node in the tree panel. \nClick Fixlets and Tasks node. Fixlets and Tasks panel will be displayed on the right. \nIn the Fixlets and Tasks panel locate Upgrade to the latest version of IBM License Metric Tool 9.x fixlet and run it against the computer that hosts your server.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-17T17:05:57", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Commons Compress affects IBM License Metric Tool v9.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-12-17T17:05:57", "id": "22A3084E2002F23895BAE53AE66469749F21716FF3B8CF15A58E6BBC0C953322", "href": "https://www.ibm.com/support/pages/node/6527136", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:01:29", "description": "## Summary\n\nIBM Watson Explorer has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Watson Explorer Deep Analytics Edition oneWEX Components| \n\n12.0.0.0, 12.0.0.1\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.6 \n \n---|--- \nIBM Watson Explorer Deep Analytics Edition Analytical Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.6 \n \nIBM Watson Explorer Deep Analytics Edition Foundational Components Annotation Administration Console| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.6 \n \nIBM Watson Explorer Analytical Components| 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.10 \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.10 \n \n## Remediation/Fixes\n\n**Affected Product**| **Affected Versions**| **Fix** \n---|---|--- \nIBM Watson Explorer DAE \noneWEX Components| \n\n12.0.0.0, 12.0.0.1\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.6\n\n| \n\nUpgrade to Version 12.0.3.7. \n\nSee [Watson Explorer Version 12.0.3.7 oneWEX](<https://www.ibm.com/support/pages/node/6497913>) for download information and instructions. \n \nIBM Watson Explorer DAE Analytical Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.6\n\n| \n\nUpgrade to Version 12.0.3.7. \n\nSee [Watson Explorer Version 12.0.3.7 Analytical Components](<https://www.ibm.com/support/pages/node/6497917>) for download information and instructions. \n \nIBM Watson Explorer DAE Foundational Components Annotation Administration Console| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.6\n\n| \n\nUpgrade to Version 12.0.3.7. \n\nSee [Watson Explorer Version 12.0.3.7 Foundational Components](<https://www.ibm.com/support/pages/node/6497915>) for download information and instructions. \n \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.10| Upgrade to Watson Explorer Analytical Components Version 11.0.2 Fix Pack 11. For information about this version, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/pages/node/6497905>). For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>). \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.10| Upgrade to Watson Explorer Foundational Components Annotation Administration Console Version 11.0.2 Fix Pack 11. For information about this version, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/pages/node/6497903>). For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-22T11:51:18", "type": "ibm", "title": "Security Bulletin: Vulnerabilities exist in Watson Explorer (CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-10-22T11:51:18", "id": "7E748FB7D2BF3C8C9A65B6AC1E01AE1CF23A69785B2DCE748AB18C63395DC19E", "href": "https://www.ibm.com/support/pages/node/6507013", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:00:21", "description": "## Summary\n\nMultiple vulnerabilities have been identified in the Apache Commons Compress shipped with IBM Websphere Liberty. IBM Websphere Liberty is shipped with IBM Tivoli Netcool/Impact.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact| 7.1.0 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nIBM Tivoli Netcool Impact 7.1.0| 7.1.0.24| IJ35903| Upgrade to [IBM Tivoli Netcool Impact 7.1.0 FP24](<https://www.ibm.com/support/pages/ibm-tivoli-netcoolimpact-v710-fix-pack-24-710-tiv-nci-fp0024> \"IBM Tivoli Netcool Impact 7.1.0 FP24\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-10T10:58:54", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Commons Compress affect IBM Tivoli Netcool Impact (CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-12-10T10:58:54", "id": "0E0E7B18D99C2EC8E29EE4877EE2BCDB492FE609EBADF3B5D9C1C38BABE89E03", "href": "https://www.ibm.com/support/pages/node/6525276", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:36:14", "description": "## Summary\n\nMultiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server used by IBM Maximo Application Suite.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nMonitor Component| 8.6.2, 8.7.0 \n \n\n\n## Remediation/Fixes\n\nUpgrade to 8.6.3 or 8.7.1 (or later versions)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-04-19T19:44:58", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server used by IBM Maximo Application Suite", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2023-04-19T19:44:58", "id": "E6CDADFC7E8DFE7568643BB3E70DE70E20B1F339E747013D400F4AF8B0D1C4CE", "href": "https://www.ibm.com/support/pages/node/6984785", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:00:09", "description": "## Summary\n\nRational Asset Analyzer team has addressed the following vulnerabilities in WebSphere Application Server Liberty: CVE-2021-35517 and CVE-2021-36090\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nRational Asset Analyzer| 6.1.0.0 - 6.1.0.23 \n \n\n\n## Remediation/Fixes\n\nApply the corresponding fix from FIX Central. Note the release date of 2021/12/09. \n\n**Windows Version**| [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=Windows&function=all> \"Fix Central\" ) \n---|--- \n**z/OS Version**| [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=z/OS&function=all> \"Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-14T03:31:04", "type": "ibm", "title": "Security Bulletin: Rational Asset Analyzer is affected by vulnerabilities in WebSphere Application Server Liberty.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-12-14T03:31:04", "id": "9485C17C6737EACF77937D851901B067F4440B181E90652E1B22FC3F0E4AE5C0", "href": "https://www.ibm.com/support/pages/node/6526070", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:02:20", "description": "## Summary\n\nThere are multiple vulnerabilities in the Apache Commons Compress library as described in the vulnerability details section. The Apache Commons Compress library is used by WebSphere Application Server Liberty on IBM i. WebSphere Application Server Liberty is the runtime that is used by integrated application server and integrated web services server. IBM i has addressed the vulnerability in the WebSphere Application Server Liberty implementation.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM i| 7.4 \nIBM i| 7.3 \nIBM i| 7.2 \n \n\n\n## Remediation/Fixes\n\nThe issues can be fixed by applying a PTF to IBM i. \nReleases 7.4, 7.3, and 7.2 of IBM i are supported and will be fixed. \nThe IBM i PTF numbers containing the fix for the CVEs are: \n \n**Release 7.4 \u2013 SI77224 \n****Release 7.3 \u2013 SI77225 \n****Release 7.2 \u2013 SI77226**\n\n** \n**<https://www.ibm.com/support/fixcentral/>\n\n**_Important note: _**_IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products. \n_\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-24T22:36:57", "type": "ibm", "title": "Security Bulletin: Integrated application server and integrated web services for IBM i are affected by CVE-2021-35517 and CVE-2021-36090", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-09-24T22:36:57", "id": "2494FA18EBA69E49E0C9B21340A86FBCE7BF93F9CB851C89E87B389A942B8EB4", "href": "https://www.ibm.com/support/pages/node/6492617", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:57:05", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae WebSphere Application Server Liberty shipped with IBM Security Directory Suite. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSecurity Directory Server Virtual Appliance| 8.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product** | **Remediation** \n---|--- \nIBM Security Directory Suite 8.0.1| [IBM Security Directory Suite 8.0.1.17](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Directory+Suite&fixids=8.0.1.17-ISS-ISDS_20220121-0252.pkg&source=SAR> \"IBM Security Directory Suite 8.0.1.17\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-08T19:38:43", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM\u00ae WebSphere Application Server Liberty shipped with IBM Security Directory Suite", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-02-08T19:38:43", "id": "33D4121C24315EBC2149A61597C95EC5AA26609607D06600AA66FC2197320064", "href": "https://www.ibm.com/support/pages/node/6554574", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:01:55", "description": "## Summary\n\nIBM Common Licensing is vulnerable to a remote code execution in Spring Framework (CVE-2022-22970,CVE-2022-22971) as it does have Spring Framework versions 5.3.0 to 5.3.20, 5.2.0 to 5.2.22, and older versions. IBM Common Licensing is vulnerable to a remote code execution in Apache Commons (CVE-2022-33980) as it does have Apache Commons Configuration 2 versions 2.4 to 2.7 and older versions. The fix includes Spring Framework version 5.3.21 and Apache Commons Configuration 2 version 2.8.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22970](<https://vulners.com/cve/CVE-2022-22970>) \n** DESCRIPTION: **Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling of file uploads. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226491](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226491>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22971](<https://vulners.com/cve/CVE-2022-22971>) \n** DESCRIPTION: **Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Common Licensing| Agent 9.0 \nIBM Common Licensing| ART 9.0 \n \n\n\n## Remediation/Fixes\n\nThe CVE-2022-22970, CVE-2022-22971 flaw lies in Spring Framework. Spring has provided update fixes (Spring Framework 5.2.22+ & 5.3.20+). The CVE-2022-33980 flaw lies in Apache Commons Configuration2 and fix in provided in (Apache Commons Configuration2 - 2.8) \nIBM strongly recommends addressing the Spring framework and Apache Commons vulnerability in IBM Common Licensing now by applying the suggested fix that uses Spring Framework 5.3.21 and Apache Commons Configuration2 -2.8. \n\n \nApply the ART and Agent ifix from fix central :\n\n[IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_And_ApacheCommons_iFix](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FRational%2FRational+Common+Licensing&fixids=IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_And_ApacheCommons_iFix&source=SAR&function=fixId&parent=ibm/Rational> \"IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_And_ApacheCommons_iFix\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-25T07:50:01", "type": "ibm", "title": "Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework and Apache Commons(CVE-2022-22970,CVE-2022-22971,CVE-2022-33980)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22970", "CVE-2022-22971", "CVE-2022-33980"], "modified": "2022-07-25T07:50:01", "id": "870A1DEF76D41D926201E86F390F6EEB281F4C5156CDE1104587F141A47CBCD6", "href": "https://www.ibm.com/support/pages/node/6606947", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:56", "description": "## Summary\n\nA denial of service vulnerability in IBM\u00ae Runtime Environment Java, disclosed as part of the IBM Java SDK updates in October 2021, can affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service. Denial of service vulnerabilities in Apache Commons Compress which is used by IBM WebSphere Application Server Liberty might also affect IBM Spectrum Protect Operations Center and Client Management Service. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Operations Center| 8.1.0.000-8.1.13.xxx \nIBM Spectrum Protect Client Management Service| 8.1.0.000-8.1.13.xxx \n \n## Remediation/Fixes\n\n**_IBM Spectrum Protect Operations Center Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n \n8.1.0.000-8.1.13.xxx| \n8.1.14| AIX \nLinux \nWindows| \n<https://www.ibm.com/support/pages/node/6562363> \n \n**_IBM Spectrum Protect Client Management Service Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n8.1.0.000-8.1.13.xxx| 8.1.14| Linux \nWindows| [https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v8r1](<https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v8r1/> \"https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v8r1\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-12T00:05:06", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java Runtime and IBM WebSphere Application Server Liberty affect IBM Operations Center and Client Management Service (CVE-2021-35578, CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-35578", "CVE-2021-36090"], "modified": "2022-03-12T00:05:06", "id": "BAF43585A5ABFAA551BDE0DDB4AD7ECB0C42E21551DBFD52E1607957FAE4176A", "href": "https://www.ibm.com/support/pages/node/6562849", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T17:52:09", "description": "## Summary\n\nThis security bulletin addresses the Information Disclosure vulnerability that has been found to impact Websphere Liberty in IBM Tivoli Application Dependency Discovery Manager.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager| 7.3.0.3 - 7.3.0.9 \n| \n \n## Remediation/Fixes\n\nThe eFix in the table below can be downloaded and applied directly.\n\n**Fix**| **VRMF**| **APAR**| **How to acquire fix** \n---|---|---|--- \nefix_WLP_PSIRT_210010_FP6190313.zip | 7.3.0.5 - 7.3.0.6| None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=J6XgUzIFzi3Dm5dCcajDfWhPE7PVHqZbuPXZ9Ok4VQc> \"Download eFix\" ) \nefix_WLP_PSIRT_210010_FP9211123.zip| 7.3.0.7 -7.3.0.9| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=neXkMKEo4SJWiPKfAu7g0Pu8AXKM6ZRxGd0zPwFz9YA> \"Download eFix\" ) \n \n**Note:**\n\nBefore TADDM 7.3.0.5, Java 7 was used and the upgraded Liberty version 21.0.0.10 requires Java8. Hence, no eFix can be provided for versions before 7.3.0.5.\n\nFor customers on TADDM FixPack 3 or FixPack 4, recommendation is to upgrade to a later version and then follow the steps mentioned above.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-31T06:39:36", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server & WAS Liberty is vulnerable to Information Exposure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29842", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-03-31T06:39:36", "id": "7FF67E7B52DAFF24211DBF2A070CA6F859E1B8F13FEC5BEDB6B3E4A7B2894505", "href": "https://www.ibm.com/support/pages/node/6525722", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T18:03:00", "description": "## Summary\n\nThere are multiple vulnerabilities in the Apache Commons Compress library that is used by WebSphere Application Server Liberty. This has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Application Server Liberty| 17.0.0.3 - 21.0.0.9 \n \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the interim fix or Fix Pack containing APAR PH39418 for each named product as soon as practical. \n \n**For WebSphere Application Server Liberty 17.0.0.3 - 21.0.0.9: ** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH39418](<https://www.ibm.com/support/pages/node/6489503> \"PH39418\" ) \n\\--OR-- \n\u00b7 Apply Liberty Fix Pack 21.0.0.10 or later (targeted availability 4Q2021). \n \nAdditional interim fixes may be available and linked off the interim fix download page.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-15T22:19:29", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty (CVE-2021-33517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33517", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-09-15T22:19:29", "id": "CC8B5EAED9F16E46FA900651589C00B568FED80DA1BF6B1F0CD9487C5E056E7C", "href": "https://www.ibm.com/support/pages/node/6489683", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:46:05", "description": "## Summary\n\nMultiple Vulnerabilities in Apache Commons Compress affect Liberty for Java for IBM Cloud.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect all versions of Liberty for Java in IBM Cloud up to and including v3.61. \n\n\n \n\n\n \n\n\n## Remediation/Fixes\n\nTo upgrade to Liberty for Java v3.62-20210922-1852 or higher, you must re-stage or re-push your application \n\nTo find the current version of Liberty for Java in IBM Cloud being used, from the command-line Cloud Foundry client by running the following commands:\n\ncf ssh <appname> -c cat \"staging_info.yml\"\n\nLook for the following lines:\n\n{\u201cdetected_buildpack\u201d:\u201cLiberty for Java(TM) (WAR, liberty-21.0.0_9, buildpack-v3.62-20210922-1852, ibmjdk-1.8.0_sr6fp36-20210824, env, spring-auto-reconfiguration-1.12.0_RELEASE)\u201c,\u201dstart_command\u201d:\u201c.liberty/initial_startup.rb\u201d}\n\nTo re-stage your application using the command-line Cloud Foundry client, use the following command:\n\ncf restage <appname>\n\nTo re-push your application using the command-line Cloud Foundry client, use the following command:\n\ncf push <appname>\n\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-07T16:01:56", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect Liberty for Java for IBM Cloud (CVE-2021-33517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33517", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-10-07T16:01:56", "id": "B62071204643E59AD31EF38C3F1DA735EF11A4D940DEE816C67BC98D03AE1325", "href": "https://www.ibm.com/support/pages/node/6498141", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:58:33", "description": "## Summary\n\nMultiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty (CVE-2021-33517, CVE-2021-36090) which is bundled with IBM WebSphere Hybrid Edition\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Affected Product(s) and Version(s)| Affected Product(s) and Version(s) \n---|--- \nIBM WebSphere Hybrid Edition, all| \n\nWebSphere Application Server Liberty\n\n * 17.0.0.3 - 21.0.0.9 \n \n \n\n\n## Remediation/Fixes\n\n[Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server (CVE-2021-35517, CVE-2021-36090)](<https://www.ibm.com/support/pages/node/6489683> \"Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server \$CVE-2021-35517, CVE-2021-36090\$\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-05T21:19:38", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server which is bundled with IBM WebSphere Hybrid Edition (CVE-2021-33517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33517", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-01-05T21:19:38", "id": "1CBB3850C5774C7EF01617A98C0603053597EB9E84A0DF64C201094FAB392754", "href": "https://www.ibm.com/support/pages/node/6538440", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:59:52", "description": "## Summary\n\nWebsphere Application Server (WAS) Liberty Profile is shipped as a component of IBM Operations Analytics Predictive Insights. Information about Apache Commons Compress library vulnerabilities ( CVE-2021-36090, CVE-2021-35517 ) to a denial of service, caused by an out of memory error affect WAS Liberty Profile. This has been published in a security bulletin\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| **Affected Supporting Product and Version(s)** \n---|--- \nIBM Operations Analytics Predictive Insights - All| WebSphere Application Server Liberty 17.0.0.3 - 21.0.0.9 \n \n## Remediation/Fixes\n\nFirst, from IBM Fix Central download and apply [1.3.6-TIV-PredictiveInsights-el7-x86_64-InterimFix005 ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=1.3.6-TIV-PredictiveInsights-el7-x86_64-InterimFix005&product=ibm%2FTivoli%2FIBM%20SmartCloud%20Analytics%20-%20Predictive%20Insights&source=dbluesearch&mhsrc=ibmsearch_a&mhq=1.3.6-TIV-PredictiveInsights-el7-x86_64-InterimFix005%20&function=fixId&parent=IBM%20Operations%20Analytics> \"1.3.6-TIV-PredictiveInsights-el7-x86_64-InterimFix005\" ) . Applying iFix5 will upgrade WebSphere Application Server Liberty to version 21.0.0.8.\n\nThen, upgrade to WebSphere Application Server Liberty Core 21.0.0.9. From IBM Fix Central download and apply [21.0.0.9-WS-LIBERTY-CORE-FP](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=21.0.0.9-WS-LIBERTY-CORE-FP&product=ibm%2FWebSphere%2FWebSphere%20Liberty&source=dbluesearch&mhsrc=ibmsearch_a&mhq=IBM%20WebSphere%20Application%20Server%20Liberty%20Core%2021.0.0.9&function=fixId&parent=ibm/WebSphere> \"21.0.0.9-WS-LIBERTY-CORE-FP\" ) .\n\nNow, download and apply WebSphere Application Server Liberty interim fix[ PH39418](<https://www.ibm.com/support/pages/node/6489503> \"PH39418\" ). For further details and recommendations see security bulletin: [Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty (CVE-2021-33517, CVE-2021-36090)](<https://www.ibm.com/support/pages/node/6489683> \"Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty \$CVE-2021-33517, CVE-2021-36090\$\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-15T19:33:19", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities ( CVE-2021-36090, CVE-2021-35517 ) in Apache Commons Compress affect WebSphere Application Server Liberty Profile, shipped with IBM Operations Analytics Predictive Insights", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33517", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-12-15T19:33:19", "id": "B8CB582AD4C9B18B3C5CCBAB5234D749FD3D0D9E37A5EF38D599A964E5AE80A1", "href": "https://www.ibm.com/support/pages/node/6526710", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:55:29", "description": "## Summary\n\nThere are vulnerabilities in Apache Commons Compress (CVE-2021-36090), Apache Log4j (CVE-2021-44832), and TIBCO WebFOCUS (CVE-2021-35493) as described in the vulnerability details section. Apache Commons Compress is used by Db2 Web Query for zipping and unzipping objects, such as import and export packages via Change Management or log files via the Administration Console. Apache Log4j is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. TIBCO WebFOCUS is used as the underlying base product for Db2 Web Query for i. IBM has addressed the vulnerabilities in Db2 Web Query for i by upgrading to Apache Commons Compress 1.21 and Apache Log4j 2.17.1, and by upgrading to remediated components of TIBCO WebFOCUS 8206 and 8207. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35493](<https://vulners.com/cve/CVE-2021-35493>) \n** DESCRIPTION: **TIBCO Webfocus WebFOCUS Reporting Server and WebFOCUS Client components are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209363](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209363>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)**| **CVE** \n---|---|--- \nIBM Db2 Web Query for i| 2.3.0| \n\nCVE-2021-36090\n\nCVE-2021-44832\n\nCVE-2021-35493 \n \nIBM Db2 Web Query for i| 2.2.1| \n\nCVE-2021-36090\n\nCVE-2021-44832\n\nCVE-2021-35493 \n \nIBM Db2 Web Query for i| 2.2.0| \n\nCVE-2021-36090\n\nCVE-2021-35493 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now.**\n\nDb2 Web Query for i releases 2.2.0, 2.2.1, and 2.3.0 are impacted. \n\n**Release 2.2.0 can be fixed by upgrading to release 2.2.1 or 2.3.0, depending on your IBM i release level: **\n\n**Operating system **\n\n| \n\n**Remediation** \n \n---|--- \n \nIBM i 7.4\n\n| \n\nUpgrade to Db2 Web Query for i 2.3.0 \n \nIBM i 7.3\n\n| \n\nUpgrade to Db2 Web Query for i 2.3.0 \n \nIBM i 7.2\n\n| \n\nUpgrade to Db2 Web Query for i 2.2.1 \n \nIBM i 7.1\n\n| \n\nUpgrade to Db2 Web Query for i 2.2.1 \n \nTo request an EZ-Install package, including instructions for the upgrade installation, send an email to [QU2@us.ibm.com](<mailto:QU2@us.ibm.com>). More information for the upgrade is available at [https://ibm.biz/db2wq-install](<https://ibm.biz/db2wq-install>). \n\n\n**Releases 2.2.1 and 2.3.0 can be fixed by applying the latest Db2 Web Query for i group Program Temporary Fix (PTF).**\n\nThe PTFs are applied to product ID 5733WQX. The group PTF numbers and minimum level with the fix are: \n\n**Affected Releases**\n\n| \n\n**Group PTF and Minimum Level for Remediation** \n \n---|--- \n \nDb2 Web Query for i 2.3.0 w/ IBM i 7.4\n\n| \n\n[SF99654 level 5](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99654&includeSupersedes=0&source=fc>) \n \nDb2 Web Query for i 2.3.0 w/ IBM i 7.3\n\n| \n\n[SF99533 level 5](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99533&includeSupersedes=0&source=fc>) \n \nDb2 Web Query for i 2.2.1 w/ IBM i 7.4\n\n| \n\n[SF99653 level 13](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99653&includeSupersedes=0&source=fc>) \n \nDb2 Web Query for i 2.2.1 w/ IBM i 7.3\n\n| \n\n[SF99433 level 13](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99433&includeSupersedes=0&source=fc>) \n \nDb2 Web Query for i 2.2.1 w/ IBM i 7.2\n\n| \n\n[SF99434 level 13](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99434&includeSupersedes=0&source=fc>) \n \nDb2 Web Query for i 2.2.1 w/ IBM i 7.1\n\n| \n\n[SF99435 level 13](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99435&includeSupersedes=0&source=fc>) \n \n_**Important note**: _\n\n_ IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-30T14:28:57", "type": "ibm", "title": "Security Bulletin: IBM Db2 Web Query for i is vulnerable to denial of service in Apache Commons Compress (CVE-2021-36090), arbitrary code execution in Apache Log4j (CVE-2021-44832), and cross-site scripting in TIBCO WebFOCUS (CVE-2021-35493)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35493", "CVE-2021-36090", "CVE-2021-44832"], "modified": "2022-03-30T14:28:57", "id": "998E998A37AA40076F35ACE20C7E0016E44B1CC4EFB6AE26D0761C68B7C99657", "href": "https://www.ibm.com/support/pages/node/6567195", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-27T17:51:08", "description": "## Summary\n\nMuiltiple vulnerabilities in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server are addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server, Information Server on Cloud| 11.7 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7| [JR64702](<http://www.ibm.com/support/docview.wss?uid=swg1JR64702> \"JR64702\" )| \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.3](<https://www.ibm.com/support/pages/node/6498109> \"11.7.1.3\" ) \n\\--Apply Information Server [11.7.1.3 Service pack 4](<https://www.ibm.com/support/pages/node/6568469> \"11.7.1.3 Service pack 4\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-27T23:07:49", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29842", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-04-27T23:07:49", "id": "F89D3081DA6B5CB2F4FF097D956A1B15C95A11155B2977DE948E9FE8ECD15A28", "href": "https://www.ibm.com/support/pages/node/6575543", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T17:54:38", "description": "## Summary\n\nThere is a vulnerability in Liberty that affects IBM WIoTP MessageGateway.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM IoT MessageSight| 2.0 \nIBM WIoTP MessageGateway| 5.0.0.2 \nIBM IoT MessageSight| 5.0.0.0 \n \n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_IBM WIoTP MessageGateway_| \n\n_5.0.0.2_\n\n| \n\n_IT38767_\n\n| [_5.0.0.2-IBM-IMA-IFIT38767_](<https://www.ibm.com/support/pages/node/6524672>) \n_IBM MessageSight_| \n\n_5.0.0.0_\n\n| \n\n_IT38767_\n\n| [_5.0.0.0-IBM-IMA-IFIT38767_](<https://www.ibm.com/support/pages/node/6524662>) \n_IBM MessageSight_| \n\n_2.0.0.2_\n\n| \n\n_IT38767_\n\n| [_2.0.0.2-IBM-IMA-IFIT38767_](<https://www.ibm.com/support/pages/node//6524670>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-24T16:01:38", "type": "ibm", "title": "Security Bulletin: A vulnerability in Liberty affects IBM WIoTP MessageGateway (CVE-2021-29842)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29842", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-12-24T16:01:38", "id": "900B686502E0C61F1BAA043F9387495F4C4AF282D993D0971AFB618978232651", "href": "https://www.ibm.com/support/pages/node/6527976", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T17:56:42", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about a security vulnerability affecting WebSphere Application Server has been published in multiple security bulletins. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n \n\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nIBM WebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * Liberty\n * 9.0\n * 8.5\n * 8.0 \n \n\n\n \n\n\n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes. \n\n * [WebSphere Application Server is vulnerable to Information Disclosure (CVE-2021-29842)](<https://supportcontent.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-information-disclosure-cve-2021-29842> \"Security Bulletin: WebSphere Application Server is vulnerable to Information Disclosure \$CVE-2021-29842\$\" ) \n\n * [Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty (CVE-2021-33517, CVE-2021-36090)](<https://supportcontent.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-apache-commons-compress-affect-websphere-application-server-liberty-cve-2021-33517-cve-2021-36090> \"Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty \$CVE-2021-33517, CVE-2021-36090\$\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-05T19:25:23", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29842", "CVE-2021-33517", "CVE-2021-36090"], "modified": "2021-10-05T19:25:23", "id": "3F96A633CE7ED35C5DCB16407F6DA5B42A94D92B87D9F35134C90B90A6E664ED", "href": "https://www.ibm.com/support/pages/node/6495913", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T18:01:20", "description": "## Summary\n\nFix is available for vulnerabilities in Apache Commons* affecting Tivoli Netcool/OMNIbus WebGUI (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nICP - Compare & Comply| All \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Compare and Comply for IBM Cloud Pak for Data 1.1.13. To download the software, go to Passport Advantage, then search for \"watson compare and comply for ICP for Data\", then select IBM Watson Compare and Comply for ICP for Data V1.1.13 Linux English , part number M037KEN.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-28T23:12:16", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Commons* affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-10-28T23:12:16", "id": "CDDC441D27E108C0C02A93DB9A7C32A887C12C059B5D2279EA48BF038E8D5170", "href": "https://www.ibm.com/support/pages/node/6509702", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:49:36", "description": "## Summary\n\nIBM Sterling B2B Integrator has addressed the security vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **APAR(s)**| **Version(s)** \n---|---|--- \nIBM Sterling B2B Integrator| IT39562, IT38884| 6.1.0.0 - 6.1.1.1 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **Remediation/Fix** \n---|---|--- \nIBM Sterling B2B Integrator| 6.1.0.0 - 6.1.1.1| Apply IBM Sterling B2B Integrator version 6.1.1.2 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>)\n\nor Apply IBM Sterling B2B Integrator version 6.1.2.0 that can be downloaded from IBM Passport Advantage \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-22T16:39:58", "type": "ibm", "title": "Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Apache Commons Compress", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-08-22T16:39:58", "id": "B9F14FDA85553B1CFC437ADD80AE8D3308F5F7116C42963946938CBE5C5EA56F", "href": "https://www.ibm.com/support/pages/node/6614553", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:52:38", "description": "## Summary\n\nApache Commons as used by IBM QRadar SIEM is vulnerable to denial of service. IBM has addressed the relevant CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM QRadar SIEM v7.3| All BlueCoatWSSRESTAPI versions before 7.3.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.3-20220214173614 \nIBM QRadar SIEM v7.4| All BlueCoatWSSRESTAPI versions before 7.4.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.4-20220217192850 \nIBM QRadar SIEM v7.5| All BlueCoatWSSRESTAPI versions before 7.5.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.5-20220217192923 \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\nSee the **Related Information** section below for instructions on verifying your currently installed version.\n\n**Product**| **Versions**| **Fix** \n---|---|--- \nIBM QRadar SIEM| 7.3| [7.3.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.3-20220214173614](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.3.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.3-20220214173614.noarch.rpm&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.3.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.3-20220214173614\" ) \nIBM QRadar SIEM| 7.4| [7.4.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.4-20220217192850](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.4.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.4-20220217192850.noarch.rpm&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.4.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.4-20220217192850\" ) \nIBM QRadar SIEM| 7.5| [7.5.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.5-20220217192923](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.5.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.5-20220217192923.noarch.rpm&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.5.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.5-20220217192923\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-06T18:14:44", "type": "ibm", "title": "Security Bulletin: Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2021-35515, CVE-2021-35516, CVE-2021-36090, CVE-2021-35517)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-06-06T18:14:44", "id": "D2F45C96EB49AFC2B652E7D45AA056C9A181453656E766BAD269586E7F2C3CFB", "href": "https://www.ibm.com/support/pages/node/6592779", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:02:05", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Compress.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0 \nWatson Discovery| 2.0.0-2.2.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.0.2 \n\nUpgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-4\n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-01T06:22:55", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Compress", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-10-01T06:22:55", "id": "FAD5EEE9FD5547B3BC0F26582580EC66DC6193FFFF5B317ECA1DEDB5F001336A", "href": "https://www.ibm.com/support/pages/node/6492217", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:39:49", "description": "## Summary\n\nIBM B2B Advanced Communications has addressed vulnerabilities in Apache Commons Compress shipped with product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM B2B Advanced Communications| 1.0.0.x \nIBM Multi-Enterprise Integration Gateway| 1.0.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product** | \n\n**Version**\n\n| \n\n**Remediation** \n \n---|---|--- \n \nIBM B2B Advanced Communications\n\n| \n\n1.0.0.x\n\n| Apply fix pack [1.0.0.8](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.7&platform=All&function=fixId&fixids=IBM_B2B_Advanced_Communications_V1.0.0.8_FixPack_Media&includeSupersedes=0> \"1.0.0.8\" ) \nIBM Multi-Enterprise Integration Gateway| \n\n1.0.0.1\n\n| Apply fix pack [1.0.0.8 ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.7&platform=All&function=fixId&fixids=IBM_B2B_Advanced_Communications_V1.0.0.8_FixPack_Media&includeSupersedes=0> \"1.0.0.8\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-20T06:25:38", "type": "ibm", "title": "Security Bulletin: IBM B2B Advanced Communications is vulnerable to multiple issues due to Apache Commons Compress", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2023-02-20T06:25:38", "id": "DF191538C8CFADC9C4FBA779294B9A47AEEFD56EB05A6B7BA858EC03DB26B960", "href": "https://www.ibm.com/support/pages/node/6956840", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:03:42", "description": "## Summary\n\nIBM Content Navigator has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocate large amounts of memory. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocate large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocate large amounts of memory. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Content Navigator| 3.0CD \n \n\n\n## Remediation/Fixes\n\nProduct| VMRF| \nRemidiation / First Fix \n---|---|--- \nIBM Content Navigator| 3.0 Continuous Delivery| ICN 3.0.7 iFix 10 and above, ICN 3.0.9 iFix 5 and above, ICN 3.0.10 iFix 1 and above. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-19T16:20:09", "type": "ibm", "title": "Security Bulletin: IBM Content Navigator is vulnerable to a denial of service vulnerabilty.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-08-19T16:20:09", "id": "91791263F482BE4327CB96A074DA5FD8EB133EF9DA47BE41713B960DCA5C33B4", "href": "https://www.ibm.com/support/pages/node/6482503", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:01:18", "description": "## Summary\n\nA denial of service vulnerability in Apache Commons Compress that is used by IBM InfoSphere Information Server was addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n**DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress&#39; sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n**DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocate large amounts of memory. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress&#39; zip package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n**DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocate large amounts of memory. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress&#39; sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n**DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocate large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress&#39; tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server | 11.7 \n \n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 | [JR63945](<http://www.ibm.com/support/docview.wss?uid=swg1JR63945> \"JR63945\" ) | \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.3](<https://www.ibm.com/support/pages/node/6498109> \"11.7.1.3\" ) \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-29T22:16:45", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Commons Compress", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-10-29T22:16:45", "id": "DF989094B08F10BFBA2DA2F5ED5CF27B371F00C6520140A5C25FA34A1EEA15E3", "href": "https://www.ibm.com/support/pages/node/6509082", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:51:40", "description": "## Summary\n\nWhen reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0.x \n \n\n\n## Remediation/Fixes\n\nThis issue has been fixed in ITNM4.2 Fix Pack 15 (i.e. 4.2.0.15) available from fix central. \n\nITNM Full builds\n\n[4.2.0-TIV-ITNMIP-Linux-FP0015](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=4.2.0-TIV-ITNMIP-Linux-FP0015&source=SAR> \"4.2.0-TIV-ITNMIP-Linux-FP0015\" )\n\n[4.2.0-TIV-ITNMIP-zLinux-FP0015](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=4.2.0-TIV-ITNMIP-zLinux-FP0015&source=SAR> \"4.2.0-TIV-ITNMIP-zLinux-FP0015\" )\n\n[4.2.0-TIV-ITNMIP-AIX-FP0015](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=4.2.0-TIV-ITNMIP-AIX-FP0015&source=SAR> \"4.2.0-TIV-ITNMIP-AIX-FP0015\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-04T12:55:48", "type": "ibm", "title": "Security Bulletin: Apache Commons as used by IBM Tivoli Network Manager is vulnerable to denial of service (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-07-04T12:55:48", "id": "69A39D35FF9374902BEB26D9183E47ADA8A9F6E73B9981D10DC5E13E014BE244", "href": "https://www.ibm.com/support/pages/node/6601115", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T17:50:14", "description": "## Summary\n\nThe version of IBM WebSphere Liberty Profile that is shipped with IBM MQ is vulnerable to Information Disclosure. IBM WebSphere Liberty Profile is used to provide WebUI and REST API capabilities.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n**DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n**DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.2 CD \nIBM MQ | 9.2 LTS \nIBM MQ | 9.1 CD \nIBM MQ | 9.1 LTS \n \n## Remediation/Fixes\n\nThis issued was resolved under APAR IT38503 \n\n**IBM MQ 9.1 LTS**\n\n[Apply FixPack 9.1.0.10](<https://www.ibm.com/support/pages/downloading-ibm-mq-910-older-fix-packs#fp91010>)\n\n**IBM MQ 9.2 LTS**\n\n[Apply FixPack 9.2.0.4](<https://www.ibm.com/support/pages/downloading-ibm-mq-9204>)\n\n**IBM MQ 9.1 CD and 9.2 CD**\n\n[Upgrade to IBM MQ 9.2.4](<https://www.ibm.com/support/pages/downloading-ibm-mq-924-continuous-delivery>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-26T23:29:57", "type": "ibm", "title": "Security Bulletin: The version of IBM WebSphere Liberty shipped with IBM MQ is vulnerable to multiple CVEs (CVE-2021-29842,CVE-2021-33517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29842", "CVE-2021-33517", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-05-26T23:29:57", "id": "87E69918E25D6751D3DFF28B93E0E32012AA2DB7FA1D0F74175CA8BE7330EFB7", "href": "https://www.ibm.com/support/pages/node/6527792", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-23T18:02:51", "description": "## Summary\n\nFix is available for vulnerabilities in Apache Commons* affecting Tivoli Netcool/OMNIbus WebGUI (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool/OMNIbus_GUI| 8.1.x \n \n\n\n## Remediation/Fixes\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nTivoli Netcool/OMNIbus WebGUI| 8.1.0| IJ34171| Apply Fix Pack 24 ([Fix Pack for WebGUI 8.1.0 Fix Pack 24](<https://www.ibm.com/support/pages/node/6467039> \"Fix Pack for WebGUI 8.1.0 Fix Pack 24\" )) \n \n\n\nFor unsupported versions IBM recommends upgrading to a fixed, supported version of the product.\n\n## Workarounds and Mitigations\n\nUpgrade to WebGUI 8.1.0 Fix Pack 24 \n\n \n\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-19T23:41:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Commons* affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-09-19T23:41:44", "id": "4B7C6723D18E0DFA9F2B469E2F6D9E9E97BAC6728DDB3BA15F40ACE66F684EF5", "href": "https://www.ibm.com/support/pages/node/6490749", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:59:32", "description": "## Summary\n\nThe embedded IBM Content Navigator component, that is shipped with IBM Business Automation Workflow is vulnerable to multiple vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| 19.0.0.x, 20.0.0.x, 21.0.x \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR [JR64138](<https://www.ibm.com/support/docview.wss?uid=swg1JR64138> \"JR64138\" ) as soon as practical: \n\n * [IBM Business Automation Workflow](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Automation+Workflow&release=All&platform=All&function=aparId&apars=JR64138>)\n\nFor Business Automation Workflow v19.0.0.x, v20.0.0.x, v21.0.x \n\u00b7 Upgrade to minimal cumulative fix levels as required by iFix and then apply iFix [JR64138](<https://www.ibm.com/support/docview.wss?uid=swg1JR64138> \"JR64138\" ) \n\\--OR-- \n\u00b7 Apply cumulative fix Business Automation Workflow V21.0.3 or later\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-17T18:41:15", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow -CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-12-17T18:41:15", "id": "C880E056FA204218A84A61C31DFC839867B32C5A7A216BBFF825B8013A446E7F", "href": "https://www.ibm.com/support/pages/node/6527968", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:57:57", "description": "## Summary\n\nApache commons-compress security vulnerabilities in IBM Content Navigator (ICN) toolkit affecting Administration Console for Content Platform Engine (ACCE)\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nFileNet Content Manager| 5.5.4 \nFileNet Content Manager| 5.5.6 \nFileNet Content Manager| 5.5.7 \n \n## Remediation/Fixes\n\nTo resolve these vulnerabilities, install one of the patch sets listed below to upgrade to Resolved by Apache commons-compress.jar v1.21 or higher.\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nFileNet Content Manager| \n\n5.5.4\n\n5.5.6 \n \n5.5.7\n\n| [PJ46648](<https://www.ibm.com/support/pages/apar/PJ46648> \"PJ46648\" ) \n[PJ46648](<https://www.ibm.com/support/pages/apar/PJ46648> \"PJ46648\" ) \n[PJ46648](<https://www.ibm.com/support/pages/apar/PJ46648> \"PJ46648\" ) \n[PJ46648](<https://www.ibm.com/support/pages/apar/PJ46648> \"PJ46648\" )| 5.5.4.0-P8CPE-IF006 - 10/7/2021 \n5.5.6.0-P8CPE-ALL-LA014 - 11/19/2021 \n5.5.6.0-P8CPE-IF003 - 1/14/2022 \n5.5.7.0-P8CPE-IF001 - 9/17/2021 \n \n \nIn the above table, the APAR links will provide more information about the fix.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-14T23:47:05", "type": "ibm", "title": "Security Bulletin: Apache commons-compress security vulnerabilities in IBM Content Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-01-14T23:47:05", "id": "B07B2DDB76A96BB8480E22188347E3C9EE42A03F24868518880519216E52F154", "href": "https://www.ibm.com/support/pages/node/6498123", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:42:50", "description": "## Summary\n\nIBM Security Verify Governance uses Apache Commons Compress which could allow a denial of service by a remote attacker, caused by multiple vulnerabilities (CVE-2021-35517, CVE-2021-36090, CVE-2021-35515, CVE-2021-35516). The fix includes upgrading the Commons Collections jar to the patched version.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Verify Governance| 10.0 \n \n## Remediation/Fixes\n\nAffected Product(s)\n\n| \n\nVersion(s)\n\n| \n\nFirst Fix \n \n---|---|--- \n \nIBM Security Verify Governance\n\n| \n\n10.0.1\n\n| \n\n[10.0.1.0-ISS-ISVG-IGVA-FP0002](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.0.0&platform=Linux&function=fixId&fixids=10.0.1.0-ISS-ISVG-IGVA-FP0002&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-03T12:05:38", "type": "ibm", "title": "Security Bulletin: IBM Security Verify Governance is vulnerable to denial of service due to use of Apache Commons Compress (CVE-2021-35517, CVE-2021-36090, CVE-2021-35515, CVE-2021-35516)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2023-01-03T12:05:38", "id": "E04842499BA6DBF5423B1C2D99E7E204D6DCA991703C7EF467D56949F4429941", "href": "https://www.ibm.com/support/pages/node/6846527", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T05:50:53", "description": "## Summary\n\nIBM Sterling B2B Integrator has addressed the CKEditor security vulnerabilities in B2B API.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-32808](<https://vulners.com/cve/CVE-2021-32808>) \n** DESCRIPTION: **CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard Widget plugin if used alongside the undo feature. A remote attacker could exploit this vulnerability using malformed widget HTML, which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2021-32809](<https://vulners.com/cve/CVE-2021-32809>) \n** DESCRIPTION: **CKEditor is vulnerable to HTML injection. A remote authenticated attacker could inject malicious HTML code into the editor, which when viewed, would abuse the paste functionality and executed in the victim's Web browser within the security context of the hosting site. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207429>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-37695](<https://vulners.com/cve/CVE-2021-37695>) \n** DESCRIPTION: **CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Fake Objects plugin. A remote attacker could exploit this vulnerability using malformed Fake Objects HTML, which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2021-41164](<https://vulners.com/cve/CVE-2021-41164>) \n** DESCRIPTION: **CKEditor4 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using the Advanced Content Filter (ACF) module to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2021-41165](<https://vulners.com/cve/CVE-2021-41165>) \n** DESCRIPTION: **CKEditor4 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using the core HTML processing module to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2022-24728](<https://vulners.com/cve/CVE-2022-24728>) \n** DESCRIPTION: **CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222035](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222035>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-24729](<https://vulners.com/cve/CVE-2022-24729>) \n** DESCRIPTION: **CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the dialog plugin. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a significant performance drop and results in a browser tab freeze. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222037](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222037>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.6 \nIBM Sterling B2B Integrator| 6.1.0.0 - 6.1.0.5, 6..1.1.0 - 6.1.1.1, 6.1.2.0 \n \n\n\n## Remediation/Fixes\n\n**Product**| **Version**| **APAR**| **Remediation & Fix** \n---|---|---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.6| IT41002| Apply 6.0.3.7 \nIBM Sterling B2B Integrator| 6.1.0.0 - 6.1.0.5 \n6.1.1.0 - 6.1.1.1 \n6.1.2.0 | \n\nIT41002\n\n| Apply 6.1.0.6, 6.1.1.2 or 6.1.2.1 \n \nThe version 6.0.3.7, 6.1.0.6, 6.1.1.2 and 6.1.2.1 are available on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>). \n\nThe container version of 6.1.2.1 is available in IBM Entitled Registry with following tags. \n\n * cp.icr.io/cp/ibm-b2bi/b2bi:6.1.2.1 for IBM Sterling B2B Integrator\n * cp.icr.io/cp/ibm-sfg/sfg:6.1.2.1 for IBM Sterling File Gateway\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-03T15:55:10", "type": "ibm", "title": "Security Bulletin: B2B API of IBM Sterling B2B Integrator vulnerable to multiple issues due to CKEditor", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32808", "CVE-2021-32809", "CVE-2021-37695", "CVE-2021-41164", "CVE-2021-41165", "CVE-2022-24728", "CVE-2022-24729"], "modified": "2023-01-03T15:55:10", "id": "8F313894553377D79CE37F4DCC19E27AD4FD3271C08DF1AC992BCE68E81DC592", "href": "https://www.ibm.com/support/pages/node/6852451", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T17:57:50", "description": "## Summary\n\nVulnerabilities in Node.js, XStream and Apache Commons such as denial of service, elevated privileges, and execution of arbitrary code on the system may affect IBM Spectrum Control.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22918](<https://vulners.com/cve/CVE-2021-22918>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by an out-of-bounds read in the libuv&#39;s uv__idna_toascii() function. By invoking the function using dns module&#39;s lookup() function, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204784>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2021-22921](<https://vulners.com/cve/CVE-2021-22921>) \n** DESCRIPTION: **Node.js could allow a local attacker to gain elevated privileges on the system, caused by improper configuration of permissions in the installation directory. Under certain conditions. An attacker could exploit this vulnerability to perform PATH and DLL hijacking attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204785](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204785>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress&#39; tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress&#39; zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29505](<https://vulners.com/cve/CVE-2021-29505>) \n** DESCRIPTION: **XStream XStream could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper input validation. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202795](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202795>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress&#39; sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress&#39; sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Control| 5.3.0.1-5.4.3 \n \n\n\n## Remediation/Fixes\n\n**Release**| **First Fixing** \n**VRM Level**| ** Link to Fix** \n---|---|--- \n5.4.4| 5.4.4| <http://www.ibm.com/support/docview.wss?uid=swg21320822#53_0> \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-31T08:17:26", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Node.js, XStream and Apache Commons affect IBM Spectrum Control", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22918", "CVE-2021-22921", "CVE-2021-29505", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-08-31T08:17:26", "id": "A740554B49FF2C28448E8B6CAEB6B5186A59385D0F06901909CFF1DCA81D60FC", "href": "https://www.ibm.com/support/pages/node/6485153", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T17:57:50", "description": "## Summary\n\nThe Planning Analytics Workspace component of IBM Planning Analytics is affected by vulnerabilities These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 67.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29853](<https://vulners.com/cve/CVE-2021-29853>) \n** DESCRIPTION: **IBM Planning Analytics could expose information that could be used to to create attacks by not validating the return values from some methods or functions. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205529](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205529>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-29852](<https://vulners.com/cve/CVE-2021-29852>) \n** DESCRIPTION: **IBM Planning Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205528](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205528>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29851](<https://vulners.com/cve/CVE-2021-29851>) \n** DESCRIPTION: **IBM Planning Analytics could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205527](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205527>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23343](<https://vulners.com/cve/CVE-2021-23343>) \n** DESCRIPTION: **path-parse is vulnerable to a denial of service. By sending a specially-crafted request via splitDeviceRe, splitTailRe, and splitPathRe regular expressions, a remote attacker could exploit this vulnerability to cause a regular expression denial of service (ReDoS). \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201206](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201206>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Planning Analytics Local 2.0\n\n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the most recent security update: \n\n\n[Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 67 from Fix Central.](<https://www.ibm.com/support/pages/node/6481963> \"Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 67 from Fix Central.\" ) \n\n\nThis Security Bulletin is applicable to IBM Planning Analytics 2.0 (Local).\n\nThe vulnerability has been addressed on IBM Planning Analytics with Watson and no further action is required.\n\n \n\n\n \n\n\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-31T16:20:46", "type": "ibm", "title": "Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23343", "CVE-2021-29851", "CVE-2021-29852", "CVE-2021-29853", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-08-31T16:20:46", "id": "0665925DF5F067ECF5E297BA3C90127DB89591002C77E6A2724DF5A757C0156C", "href": "https://www.ibm.com/support/pages/node/6480413", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T17:55:30", "description": "## Summary\n\nVulnerabilities in Node.js, IBM WebSphere Application Server Liberty, and OpenSSL may affect IBM Spectrum Control.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-22939](<https://vulners.com/cve/CVE-2021-22939>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions. If the https API was used incorrectly and \"undefined\" was in passed for the \"rejectUnauthorized\" parameter, an attacker could exploit this vulnerability to connect to servers using an expired certificate. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207233](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207233>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-3712](<https://vulners.com/cve/CVE-2021-3712>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this vulnerability to read contents of memory on the system or perform a denial of service attack. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208073](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208073>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2021-22931](<https://vulners.com/cve/CVE-2021-22931>) \n** DESCRIPTION: **Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause output of wrong hostnames leading to Domain Hijacking and and injection vulnerabilities in applications using the library. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-22930](<https://vulners.com/cve/CVE-2021-22930>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling. An attacker could exploit this vulnerability to corrupt memory to change process behavior. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206473](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206473>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-22940](<https://vulners.com/cve/CVE-2021-22940>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 on stream canceling. An attacker could exploit this vulnerability to corrupt memory to change process behavior. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Control| 5.3.0.1-5.4.4 \n \n\n\n## Remediation/Fixes\n\n**Release**| **First Fixing** \n**VRM Level**| ** Link to Fix** \n---|---|--- \n5.4.5| 5.4.5| <http://www.ibm.com/support/docview.wss?uid=swg21320822#53_0> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-09T07:56:22", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Node.js, IBM WebSphere Application Server Liberty, and OpenSSL affect IBM Spectrum Control", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22930", "CVE-2021-22931", "CVE-2021-22939", "CVE-2021-22940", "CVE-2021-29842", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-3712"], "modified": "2021-12-09T07:56:22", "id": "45F290647D7A4EBF1F245A22873DA3258113639A5595D4F08D5206EB9D79EBCF", "href": "https://www.ibm.com/support/pages/node/6524930", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T14:45:24", "description": "## Summary\n\nVulnerabilities in Apache Commons and Node .js such as denial of service, execution of arbitrary commands on the system, and elevated privileges, may affect IBM Spectrum Protect Plus.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-23337](<https://vulners.com/cve/CVE-2021-23337>) \n** DESCRIPTION: **Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the template. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196797](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196797>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-22918](<https://vulners.com/cve/CVE-2021-22918>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by an out-of-bounds read in the libuv's uv__idna_toascii() function. By invoking the function using dns module's lookup() function, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204784>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2021-22921](<https://vulners.com/cve/CVE-2021-22921>) \n** DESCRIPTION: **Node.js could allow a local attacker to gain elevated privileges on the system, caused by improper configuration of permissions in the installation directory. Under certain conditions. An attacker could exploit this vulnerability to perform PATH and DLL hijacking attacks. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204785](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204785>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21388](<https://vulners.com/cve/CVE-2021-21388>) \n** DESCRIPTION: **Node.js systeminformation module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the service parameters. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201046](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201046>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28500](<https://vulners.com/cve/CVE-2020-28500>) \n** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) in the toNumber, trim and trimEnd functions. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196972](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196972>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23382](<https://vulners.com/cve/CVE-2021-23382>) \n** DESCRIPTION: **Node.js postcss module is vulnerable to a denial of service, caused by a regular expression denial of Service (ReDoS) flaw in the getAnnotationURL() and loadAnnotation() functions in lib/previous-map.js. By sending specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200772](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200772>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Plus| 10.1.0-10.1.8 \n \n## Remediation/Fixes\n\n**IBM Spectrum Protect** \n**Plus Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n10.1| 10.1.8.2 \n| Linux| <https://www.ibm.com/support/pages/node/6415111> \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-01T08:54:19", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Commons and Node.js affect IBM Spectrum Protect Plus", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28500", "CVE-2021-21388", "CVE-2021-22918", "CVE-2021-22921", "CVE-2021-23337", "CVE-2021-23382", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-09-01T08:54:19", "id": "CF49D3C68973180FF18BD6C75A4B377A56810C21E28DDDFFBFD24EC340BB8DA8", "href": "https://www.ibm.com/support/pages/node/6484923", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:02:18", "description": "## Summary\n\nWebSphere Application Server Liberty profile is shipped as a component of IBM Robotic Process Automation. Information about security vulnerabilities affecting IBM WebSphere Application Server Liberty profile have been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22393](<https://vulners.com/cve/CVE-2022-22393>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222078](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222078>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-39038](<https://vulners.com/cve/CVE-2021-39038>) \n** DESCRIPTION: **IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213968](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-23450](<https://vulners.com/cve/CVE-2021-23450>) \n** DESCRIPTION: **Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216463](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216463>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39031](<https://vulners.com/cve/CVE-2021-39031>) \n** DESCRIPTION: **IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-25031](<https://vulners.com/cve/CVE-2018-25031>) \n** DESCRIPTION: **swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217346](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217346>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-46708](<https://vulners.com/cve/CVE-2021-46708>) \n** DESCRIPTION: **npm swagger-ui-dist could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217359](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217359>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-20492](<https://vulners.com/cve/CVE-2021-20492>) \n** DESCRIPTION: **IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197793](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197793>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L) \n \n** CVEID: **[CVE-2022-22310](<https://vulners.com/cve/CVE-2022-22310>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217224](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217224>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Robotic Process Automation| 21.0.2 \n \n\n\n## Remediation/Fixes\n\nIBM recommends you consult the following security bulletins: \n\n * [Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)](<https://www.ibm.com/support/pages/node/6569505> \"Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui \$CVE-2018-25031, CVE-2021-46708\$\" )\n * [Security Bulletin: WebSphere Application Server Java Batch is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2021-20492)](<https://www.ibm.com/support/pages/node/6456017> \"Security Bulletin: WebSphere Application Server Java Batch is vulnerable to an XML External Entity Injection \$XXE\$ vulnerability \$CVE-2021-20492\$\" )\n * [Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450)](<https://www.ibm.com/support/pages/node/6558594> \"Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo \$CVE-2021-23450\$\" )\n * [Security Bulletin: WebSphere Application Server is vulnerable to Information Disclosure (CVE-2021-29842)](<https://www.ibm.com/support/pages/node/6489485> \"Security Bulletin: WebSphere Application Server is vulnerable to Information Disclosure \$CVE-2021-29842\$\" )\n * [Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty (CVE-2021-33517, CVE-2021-36090)](<https://www.ibm.com/support/pages/node/6489683> \"Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty \$CVE-2021-33517, CVE-2021-36090\$\" )\n * [Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to LDAP Injection (CVE-2021-39031)](<https://www.ibm.com/support/pages/node/6550488> \"Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to LDAP Injection \$CVE-2021-39031\$\" )\n * [Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038)](<https://www.ibm.com/support/pages/node/6559044> \"Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking \$CVE-2021-39038\$\" )\n * [Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22310)](<https://www.ibm.com/support/pages/node/6541530> \"Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure \$CVE-2022-22310\$\" )\n * [Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty (CVE-2021-33517, CVE-2021-36090)](<https://www.ibm.com/support/pages/node/6489683> \"Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty \$CVE-2021-33517, CVE-2021-36090\$\" )\n\nPlease consult IBM Robotic Process Automation documentation for updating WebSphere Liberty.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-18T21:58:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Liberty profile shipped with IBM Robotic Process Automation", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25031", "CVE-2021-20492", "CVE-2021-23450", "CVE-2021-29842", "CVE-2021-33517", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-39031", "CVE-2021-39038", "CVE-2021-46708", "CVE-2022-22310", "CVE-2022-22393"], "modified": "2022-07-18T21:58:24", "id": "4836323F140F5C6D88883F2A098C5531EA1D0196B52BD5DA1D2D5BDAF8A68C4A", "href": "https://www.ibm.com/support/pages/node/6605071", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:52:47", "description": "## Summary\n\nThis SB contains a list for all CVE's listed here - CVE-2022-36083, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2021-21797, CVE-2022-35941, CVE-2021-42248, CVE-2021-42836, CVE-2022-40186, CVE-2022-41316, CVE-2021-36090, CVE-2020-29529, CVE-2020-7219 fixed in 3.5.1\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-21797](<https://vulners.com/cve/CVE-2021-21797>) \n** DESCRIPTION: **Nitro PDF Pro could allow a remote attacker to execute arbitrary code on the system, caused by a double-free vulnerability in the TimeOutObject in the JavaScript implementation. By persuading a victim to open a specially-crafted document, an attacker could exploit this vulnerability to execute arbitrary code under the context of the application. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211382](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211382>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-40186](<https://vulners.com/cve/CVE-2022-40186>) \n** DESCRIPTION: **HashiCorp Vault and Vault Enterprise could allow a local authenticated attacker to gain unauthorized access to the system, caused by a flaw in the alias naming schema implementation for mount accessors with shared alias names in the Identity Engine. By conducting a specially-crafted operation, an attacker could exploit this vulnerability to overwrite metadata to the wrong alias, allowing the attacker to gain unauthorized access to key/value paths using that metadata in Vault. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236825](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236825>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-35941](<https://vulners.com/cve/CVE-2022-35941>) \n** DESCRIPTION: **TensorFlow is vulnerable to a denial of service, caused by improper validation of user-supplied input by the AvgPoolOp function. By sending a specially-crafted request using a negative ksize arument, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236445](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236445>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-41316](<https://vulners.com/cve/CVE-2022-41316>) \n** DESCRIPTION: **HashiCorp Vault and Vault Enterprise could provide weaker than expected security, caused by an issue with TLS certificate auth method Only Loaded CRL after first request. An attacker could exploit this vulnerability to launch further attacks on the system \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238562](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238562>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-29529](<https://vulners.com/cve/CVE-2020-29529>) \n** DESCRIPTION: **HashiCorp go-slug could allow a remote attacker to traverse directories on the system, caused by a flaw in handling files and symlinks in Unpack function. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192621](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192621>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-7219](<https://vulners.com/cve/CVE-2020-7219>) \n** DESCRIPTION: **HashiCorp Consul and Consul Enterprise is vulnerable to a denial of service, caused by a flaw in the HTTP/RPC services. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175518>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21123](<https://vulners.com/cve/CVE-2022-21123>) \n** DESCRIPTION: **Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup of multi-core shared buffers. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/228702>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2022-21125](<https://vulners.com/cve/CVE-2022-21125>) \n** DESCRIPTION: **Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup of microarchitectural fill buffers. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/228703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-21166](<https://vulners.com/cve/CVE-2022-21166>) \n** DESCRIPTION: **Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup in specific special register write operations in the Memory Mapped I/O (MMIO) component. By conducting a specially-crafted write operation, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228696](<https://exchange.xforce.ibmcloud.com/vulnerabilities/228696>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-42248](<https://vulners.com/cve/CVE-2021-42248>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service, caused by a flaw in the gjson.Get function. By sending a specially-crafted JSON input, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227236](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227236>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-36083](<https://vulners.com/cve/CVE-2022-36083>) \n** DESCRIPTION: **Node.js jose module is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request using the p2c JOSE Header Parameter, a remote attacker could exploit this vulnerability to consume unreasonable amount of CPU time, and results in a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235579](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235579>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Watson AIOps| 3.1 \nIBM Cloud Pak for Watson AIOps| 3.2 \nIBM Cloud Pak for Watson AIOps| 3.3 \nIBM Cloud Pak for Watson AIOps| 3.4 \nIBM Cloud Pak for Watson AIOps| 3.5 \n \n## Remediation/Fixes\n\n[https://www.ibm.com/docs/en/cloud-paks/cloud-pak-watson-aiops/3.5.1?topic=upgrading](<https://www.ibm.com/docs/en/cloud-paks/cloud-pak-watson-aiops/3.5.0?topic=upgrading>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-11-23T22:42:31", "type": "ibm", "title": "Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29529", "CVE-2020-7219", "CVE-2021-21797", "CVE-2021-36090", "CVE-2021-42248", "CVE-2021-42836", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-35941", "CVE-2022-36083", "CVE-2022-40186", "CVE-2022-41316"], "modified": "2022-11-23T22:42:31", "id": "EFEF2244E948829C5D18D7E375890D878EF65279FF91004B2295614B4406FAED", "href": "https://www.ibm.com/support/pages/node/6830857", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:54:50", "description": "## Summary\n\nVulnerabilities in PostgreSQL, Apache, Golang Go, and Linux Kernel, such as execution of arbitrary code, denial of service, bypassing security restrictions, elevation of privileges, and obtaining sensitive information, may affect IBM Spectrum Copy Data Management.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-32027](<https://vulners.com/cve/CVE-2021-32027>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow while modifying certain SQL array values. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36221](<https://vulners.com/cve/CVE-2021-36221>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a race condition upon an ErrAbortHandler abort. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a net/http/httputil ReverseProxy panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207036](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207036>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14385](<https://vulners.com/cve/CVE-2020-14385>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a failure of the file system metadata validator in XFS. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the system to shutdown. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14314](<https://vulners.com/cve/CVE-2020-14314>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory out-of-bounds read flaw. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188395](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188395>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-34558](<https://vulners.com/cve/CVE-2021-34558>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by the failure to properly assert that the type of public key in an X.509 certificate matches the expected type in the crypto/tls package. By persuading a victim to connect to a specially-crafted TLS server, a remote attacker could exploit this vulnerability to cause a TLS client to panic. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205578](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205578>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29923](<https://vulners.com/cve/CVE-2021-29923>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to bypass security restrictions, caused by improper consideration for extraneous zero characters at the beginning of an IP address octet. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access control based on IP addresses. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207025](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207025>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33909](<https://vulners.com/cve/CVE-2021-33909>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in fs/seq_file.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges to root. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-13956](<https://vulners.com/cve/CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3715](<https://vulners.com/cve/CVE-2021-3715>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in route4_change() in net/sched/cls_route.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-32029](<https://vulners.com/cve/CVE-2021-32029>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by an error when using an UPDATE\u2026RETURNING command on a purpose-crafted table. An attacker could exploit this vulnerability to read arbitrary bytes of server memory. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207909](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207909>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** Third Party Entry: **177835 \n** DESCRIPTION: **Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker could exploit this vulnerability using a method call to obtain sensitive information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177835>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Copy Data Management| 2.2.13 and below \n \n\n\n## Remediation/Fixes\n\n**IBM Spectrum Copy Data Management**** Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n2.2| 2.2.14| Linux| <https://www.ibm.com/support/pages/node/6507419> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-10T23:51:51", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in PostgreSQL, Apache, Golang Go, and Linux Kernel affect IBM Spectrum Copy Data Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13956", "CVE-2020-14314", "CVE-2020-14385", "CVE-2021-29923", "CVE-2021-32027", "CVE-2021-32029", "CVE-2021-33909", "CVE-2021-34558", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-36221", "CVE-2021-3715"], "modified": "2021-12-10T23:51:51", "id": "8FB323EC50EB5CCD3380176BF2571DDA8C7739DBF4BC558C9B57458B912FEEF7", "href": "https://www.ibm.com/support/pages/node/6525250", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-15T00:13:38", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 (CVE-2022-21248, CVE-2022-21293, CVE-2022-21294, CVE-2022-21341, CVE-2021-35578, CVE-2021-35603, CVE-2021-35550) and Eclipse Openj9 (CVE-2021-41035) used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF15 has addressed the applicable CVEs by upgrading to IBM\u00ae Semeru JRE 11.0.14.1. Apache Log4j is used by IBM Cognos Command Center as part of its logging infrastructure. All instances of Apache Log4j v1.x have been upgraded to Apache Log4j v2.17.1 (CVE-2022-23307, CVE-2021-4104). Additionally, upgrades to FasterXML Jackson-Databind, Apache Commons Compress and Apache ActiveMQ have addressed applicable vulnerabilities which are listed below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21248](<https://vulners.com/cve/CVE-2022-21248>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21293](<https://vulners.com/cve/CVE-2022-21293>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217588](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217588>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21294](<https://vulners.com/cve/CVE-2022-21294>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217589](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217589>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21341](<https://vulners.com/cve/CVE-2022-21341>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-35603](<https://vulners.com/cve/CVE-2021-35603>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2017-7525](<https://vulners.com/cve/CVE-2017-7525>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw within the Jackson JSON library in the readValue method of the ObjectMapper. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/134639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/134639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36518](<https://vulners.com/cve/CVE-2020-36518>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35550](<https://vulners.com/cve/CVE-2021-35550>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211627](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211627>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2018-11775](<https://vulners.com/cve/CVE-2018-11775>) \n** DESCRIPTION: **Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack, caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveMQ server. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149705](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149705>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Command Center 10.2.4.1\n\n## Remediation/Fixes\n\nIt is strongly recommended that you apply the most recent security update:\n\n[IBM Cognos Command Center 10.2.4 Fix Pack 1 IF16](<https://www.ibm.com/support/pages/node/6890671>)\n\n[](<https://www.ibm.com/support/pages/node/6890675>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-16T18:23:06", "type": "ibm", "title": "Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7525", "CVE-2018-11775", "CVE-2020-36518", "CVE-2021-35517", "CVE-2021-35550", "CVE-2021-35578", "CVE-2021-35603", "CVE-2021-36090", "CVE-2021-41035", "CVE-2021-4104", "CVE-2022-21248", "CVE-2022-21293", "CVE-2022-21294", "CVE-2022-21341", "CVE-2022-23307"], "modified": "2023-03-16T18:23:06", "id": "506E8C92E0B76D834A33E4AE02E5206A0ABF28570630F6E4A780D13A5238D647", "href": "https://www.ibm.com/support/pages/node/6555376", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T17:52:07", "description": "## Summary\n\nThis Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics 2.0.9.11 and IBM Planning Analytics Workspace 2.0.72. There are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 used by IBM Planning Analytics and IBM Planning Analytics Workspace. IBM Planning Analytics 2.0.9.11 and IBM Planning Analytics Workspace 2.0.72 have addressed the applicable CVEs by upgrading to IBM\u00ae Runtime Environment Java\u2122 Version 8 Service Refresh 6 Fix Pack 35. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information. There are vulnerabilities in IBM WebSphere Application Server Liberty used by IBM Planning Analytics and IBM Planning Analytics Workspace. The applicable CVEs have been addressed in IBM Planning Analytics 2.0.9.11 and Planning Analytics Workspace 2.0.72. NOTE: This security bulletin summary has been updated to remove the security vulnerability referenced by CVE-2021-38892. The vulnerability has been re-evaluated and was found to have no impact on the Planning Analytics product. As a result, this summary has been updated to remove any mention of a 'DQM API'.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-2161](<https://vulners.com/cve/CVE-2021-2161>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200290](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200290>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-14797](<https://vulners.com/cve/CVE-2020-14797>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190115](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190115>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14779](<https://vulners.com/cve/CVE-2020-14779>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190097](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190097>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14796](<https://vulners.com/cve/CVE-2020-14796>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190114](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190114>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-27221](<https://vulners.com/cve/CVE-2020-27221>) \n** DESCRIPTION: **Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14782](<https://vulners.com/cve/CVE-2020-14782>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190100](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190100>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-2388](<https://vulners.com/cve/CVE-2021-2388>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205815](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205815>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2369](<https://vulners.com/cve/CVE-2021-2369>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Library component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Planning Analytics 2.0\n\nIBM Planning Analytics Workspace 2.0\n\n## Remediation/Fixes\n\nIt is strongly recommended that you apply the most recent security updates:\n\n \n \n**IBM Planning Analytics Local 2.0.9.11** \n \n[IBM Planning Analytics Local 2.0.9.11 is now available for download from Fix Central](<https://www.ibm.com/support/pages/node/6518648> \"IBM Planning Analytics Local 2.0.9.11 is now available for download from Fix Central\" )\n\nIBM Planning Analytics with Watson 2.0.9.11 is now available for cloud deployments.\n\nTo schedule an upgrade to this release for either your non-production or production tenant, log a support case at <https://www.ibm.com/mysupport.> \n \n** \nIBM Planning Analytics Workspace 2.0.72 \n**\n\n[Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 72 from Fix Central ](<https://www.ibm.com/support/pages/node/6528420> \"Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 72 from Fix Central\" )\n\nPlease note that this update also addresses the following Apache Log4j v2.x vulnerabilities: CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105 . See References.\n\nRemediation for IBM Planning Analytics with Watson - Planning Analytics Workspace has completed.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-23T04:27:40", "type": "ibm", "title": "Security Bulletin: IBM Planning Analytics and IBM Planning Analytics Workspace are affected by security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14779", "CVE-2020-14782", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-27221", "CVE-2021-2161", "CVE-2021-2369", "CVE-2021-2388", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-38892", "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-23T04:27:40", "id": "EFD4687D2DC8ADFBEC960932263D6DA222DDFA92899BC72A9B9D62B4331178A6", "href": "https://www.ibm.com/support/pages/node/6524704", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-27T17:54:19", "description": "## Summary\n\nIBM Cloud Transformation Advisor, which is bundled with IBM Cloud Pak for Applications, has addressed multiple security vulnerabilities (CVE-2021-35517, CVE-2021-36090, CVE-2021-45105, CVE-2021-45046, CVE-2021-22960, CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035, CVE-2021-22959, CVE-2021-29842, 211964).\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product(s) and Version(s)| Affected Product(s) and Version(s) \n---|--- \nIBM Cloud Pak for Applications, 4.3| IBM Cloud Transformation Advisor, 2.5.1 \n \n\n\n## Remediation/Fixes\n\n[Security Bulletin: Multiple Security Vulnerabilities Affect IBM Cloud Transformation](<https://www.ibm.com/support/pages/node/6539506>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-11T20:04:22", "type": "ibm", "title": "Security Bulletin: IBM Cloud Transformation Advisor, which is bundled with IBM Cloud Pak for Applications, has addressed multiple security vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22959", "CVE-2021-22960", "CVE-2021-29842", "CVE-2021-35517", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-36090", "CVE-2021-41035", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-11T20:04:22", "id": "838686EA8660AF45865AC08A8AAF01B25ECE89F900D760F085C235BD477978AE", "href": "https://www.ibm.com/support/pages/node/6540004", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T17:54:19", "description": "## Summary\n\nIBM Cloud Transformation Advisor, which is bundled with IBM Websphere Hybrid Edition, has addressed multiple security vulnerabilities (CVE-2021-35517, CVE-2021-36090, CVE-2021-45105, CVE-2021-45046, CVE-2021-22960, CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035, CVE-2021-22959, CVE-2021-29842, 211964).\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Affected Product(s) and Version(s) | Affected Product(s) and Version(s) \n---|--- \nIBM WebSphere Hybrid Edition, 5.0.0, 5.0.1| IBM Cloud Transformation Advisor, 2.5.1 \n \n\n\n## Remediation/Fixes\n\n[Security Bulletin: Multiple Security Vulnerabilities Affect IBM Cloud Transformation](<https://www.ibm.com/support/pages/node/6539506>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-11T20:06:51", "type": "ibm", "title": "Security Bulletin: IBM Cloud Transformation Advisor, which is bundled with IBM WebSphere Hybrid Edition, has addressed multiple security vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22959", "CVE-2021-22960", "CVE-2021-29842", "CVE-2021-35517", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-36090", "CVE-2021-41035", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-11T20:06:51", "id": "F7232359E6413A274B62C22CB7BF1EF8C428ADFBF22EF7B9B913D63D087BCACB", "href": "https://www.ibm.com/support/pages/node/6540010", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T17:43:12", "description": "## Summary\n\nIBM Cloud Transformation Advisor has addressed multiple security vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-22960](<https://vulners.com/cve/CVE-2021-22960>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by an error when parsing the body of chunked requests. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211171](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211171>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-22959](<https://vulners.com/cve/CVE-2021-22959>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by an error related to a space in headers. A remote attacker could send a specially-crafted request with a space (SP) right after the header name before the colon to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211168](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211168>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** Third Party Entry: **211964 \n** DESCRIPTION: **Node.js ua-parser-js module could allow a remote attacker to execute arbitrary code on the system, caused by the containing of malicious code in the package. By persuading a victim to execute a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/211964 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Transformation Advisor| 2.5.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to 3.0.0 or later. \n\nIBM Cloud Transformation Advisor can be installed from OperatorHub page in Red Hat OpenShift Container Platform or locally following this [link](<https://www.ibm.com/cloud/architecture/tutorials/install-ibm-transformation-advisor-local> \"link\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-12-05T19:00:57", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities Affect IBM Cloud Transformation Advisor", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22959", "CVE-2021-22960", "CVE-2021-29842", "CVE-2021-35517", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-36090", "CVE-2021-41035", "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-12-05T19:00:57", "id": "ABBECC2CF1F809CE932B9130A6788B28E3F6228FC5599EA3FB4CD8372D7EA7C8", "href": "https://www.ibm.com/support/pages/node/6539506", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-11T22:08:18", "description": "## Summary\n\nIBM has released the below fix for IBM Db2\u00ae Graph in response to multiple vulnerabilities found in multiple components\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-41881](<https://vulners.com/cve/CVE-2022-41881>) \n**DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted message, a remote attacker could exploit this vulnerability to cause an infinite recursion, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242087](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242087>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-41915](<https://vulners.com/cve/CVE-2022-41915>) \n**DESCRIPTION: **Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an iterator of values. A remote attacker could exploit this vulnerability to inject arbitrary HTTP/1.1 response header in some form and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242595>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n**DESCRIPTION: **OX AppSuite could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Apache Commons Text library. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247569](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247569>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n**DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2022-25881](<https://vulners.com/cve/CVE-2022-25881>) \n**DESCRIPTION: **Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input using request header values, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246089](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246089>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-8244](<https://vulners.com/cve/CVE-2020-8244>) \n**DESCRIPTION: **Node.js bl module could allow a remote attacker to obtain sensitive information, caused by a buffer over-read flaw in the consume function. By sending a specially-crafted argument, an attacker could exploit this vulnerability to obtain sensitive information, or cause a denial of service condition. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187518>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L) \n \n**CVEID: **[CVE-2022-42004](<https://vulners.com/cve/CVE-2022-42004>) \n**DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-42003](<https://vulners.com/cve/CVE-2022-42003>) \n**DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-38752](<https://vulners.com/cve/CVE-2022-38752>) \n**DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2022-38751](<https://vulners.com/cve/CVE-2022-38751>) \n**DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235311](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235311>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2022-38750](<https://vulners.com/cve/CVE-2022-38750>) \n**DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235312](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235312>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2022-38749](<https://vulners.com/cve/CVE-2022-38749>) \n**DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2022-41854](<https://vulners.com/cve/CVE-2022-41854>) \n**DESCRIPTION: **snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-25857](<https://vulners.com/cve/CVE-2022-25857>) \n**DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2023-23918](<https://vulners.com/cve/CVE-2023-23918>) \n**DESCRIPTION: **Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when enable the experimental permissions option with --experimental-policy. By sending a specially-crafted request using process.mainModule.require(), an attacker could exploit this vulnerability to bypass Permissions and access non authorized modules. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2023-23919](<https://vulners.com/cve/CVE-2023-23919>) \n**DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by not clear the OpenSSL error stack after operations. By sending specially-crafted cryptographic operations, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247697](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247697>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2023-23936](<https://vulners.com/cve/CVE-2023-23936>) \n**DESCRIPTION: **Node.js is vulnerable to CRLF injection, caused by a flaw in the fetch API. By sending a specially-crafted HTTP response containing CRLF character sequences, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, session hijacking, HTTP response splitting or HTTP header injection. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247696](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247696>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2023-24807](<https://vulners.com/cve/CVE-2023-24807>) \n**DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Headers.set() and Headers.append() methods in the fetch API. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247695](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247695>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2023-23920](<https://vulners.com/cve/CVE-2023-23920>) \n**DESCRIPTION: **Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using ICU_DATA environment variable, an attacker could exploit this vulnerability to search and potentially load ICU data. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247694](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247694>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2022-37866](<https://vulners.com/cve/CVE-2022-37866>) \n**DESCRIPTION: **Apache Ivy could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to overwrite arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239567](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239567>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2022-37865](<https://vulners.com/cve/CVE-2022-37865>) \n**DESCRIPTION: **Apache Ivy could allow a local authenticated attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could use a specially-crafted archive file containing \"dot dot\" sequences (/../) to write arbitrary files on the system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239423](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239423>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAll platforms of the following IBM Db2\u00ae Graph levels are affected:\n\nAffected Product(s) | Version(s) \n---|--- \nDb2 Graph | 1.0.0.592-1.0.0.1514 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing these vulnerabilities now by upgrading to the latest IBM Db2\u00ae Graph release containing the fix for these issues. **\n\nProduct(s) | Fixed in Version(s) \n---|--- \nDb2 Graph | \n\n1.0.0.1562-amd64\n\n1.0.0.1598-amd64\n\nlatest-amd64\n\n1.0.0.1562-ppcle\n\n1.0.0.1598-ppcle\n\nlatest-ppcle\n\n1.0.0.1562-s390x\n\n1.0.0.1598-s390x\n\nlatest-s390x \n \nFollow the instructions below to setup IBM Db2 Graph\n\n<https://www.ibm.com/docs/en/db2/11.5?topic=graph-setting-up-db2>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-24T22:02:48", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect IBM Db2\u00ae Graph", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8244", "CVE-2022-25857", "CVE-2022-25881", "CVE-2022-33980", "CVE-2022-37865", "CVE-2022-37866", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-41915", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889", "CVE-2023-23918", "CVE-2023-23919", "CVE-2023-23920", "CVE-2023-23936", "CVE-2023-24807"], "modified": "2023-04-24T22:02:48", "id": "12365E079006AC201EC3CA279F0927477E9103C595244F01496633DFAC47BD20", "href": "https://www.ibm.com/support/pages/node/6985689", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-29T06:03:00", "description": "## Summary\n\nSecurity vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 Fix Pack 7. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.2.4 and 11.2.4 FP1. IBM WebSphere Liberty used in IBM Cognos Analytics is vulnerable to an HTTP Header Injection (CVE-2022-34165). The following 3rd party components are used by IBM Cognos Analytics and have been upgraded to address vulnerabilities: Node.js is an open-source and cross-platform JavaScript runtime environment (CVE-2022-32212, CVE-2022-32213, CVE-2022-32223, CVE-2022-32214, CVE-2022-32215, CVE-2022-35256, CVE-2022-35255, CVE-2022-43548). Node.js marked is a Node.js package that can be used to parse markdown into html (CVE-2022-21680, CVE-2022-21681). Node.js dicer is a multipart parser for Node.js (CVE-2022-24434). Node.js moment is a Node.js package use to parse, validate, manipulate, and display dates (CVE-2022-31129). Node.js decode-uri-component is a package to decode URIs (CVE-2022-38900). Google protobuf-java is a cross-platform data format used to serialize structured data. (CVE-2021-22569, CVE-2022-3171). Apache Calcite is an open-source framework for building databases and data management systems (CVE-2022-39135). CKEditor is a WYSIWYG rich text editor which can be directly inside web pages or application (CVE-2022-24728, CVE-2022-24729). Python is an object-oriented, programming language for web and app development (CVE-2022-45061). Swagger-UI is a tool for generating interactive API documentation (XFID:217346, XFID:221508). Netty is a Java-based non-blocking I/O networking framework (CVE-2022-41881). GNOME libxml2 is a software library for parsing XML documents (CVE-2021-3516, CVE-2021-3518). Additionally, a vulnerability where the content type of a browser's response was incorrectly stated has been addressed. This vulnerability could lead to Cross-Site Scripting (XSS) attacks (CVE-2021-39036).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21681](<https://vulners.com/cve/CVE-2022-21681>) \n** DESCRIPTION: **Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in inline.reflinkSearch. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217320](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217320>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-39135](<https://vulners.com/cve/CVE-2022-39135>) \n** DESCRIPTION: **Apache Calcite is vulnerable to an XML external entity injection (XXE) attack when processing XML data, caused by improper input validation by the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE. By using specially-crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files, cause a denial of service, conduct an SSRF attack, or achieve other system impacts. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235774](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235774>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-3171](<https://vulners.com/cve/CVE-2022-3171>) \n** DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3516](<https://vulners.com/cve/CVE-2021-3516>) \n** DESCRIPTION: **libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in xmlEncodeEntitiesInternal() in entities.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202838](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202838>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-41881](<https://vulners.com/cve/CVE-2022-41881>) \n** DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted message, a remote attacker could exploit this vulnerability to cause an infinite recursion, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242087](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242087>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-39036](<https://vulners.com/cve/CVE-2021-39036>) \n** DESCRIPTION: **IBM Cognos Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213966](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213966>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-24729](<https://vulners.com/cve/CVE-2022-24729>) \n** DESCRIPTION: **CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the dialog plugin. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a significant performance drop and results in a browser tab freeze. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222037](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222037>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-31129](<https://vulners.com/cve/CVE-2022-31129>) \n** DESCRIPTION: **Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230690](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230690>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-32212](<https://vulners.com/cve/CVE-2022-32212>) \n** DESCRIPTION: **Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly check if an IP address is invalid or not by IsIPAddress. By controlling the victim's DNS server or spoofing its responses, an attacker could exploit this vulnerability to bypass the IsAllowedHost check and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-32213](<https://vulners.com/cve/CVE-2022-32213>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly parse and validate Transfer-Encoding headers by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-32223](<https://vulners.com/cve/CVE-2022-32223>) \n** DESCRIPTION: **Node.js could allow a local attacker to gain elevated privileges on the system, caused by the DLL search order hijacking of providers.dll. By placing a specially crafted file, an attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-32214](<https://vulners.com/cve/CVE-2022-32214>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by the failure to strictly use the CRLF sequence to delimit HTTP requests by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230658](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230658>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-32215](<https://vulners.com/cve/CVE-2022-32215>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle multi-line Transfer-Encoding headers by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230659](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230659>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-3518](<https://vulners.com/cve/CVE-2021-3518>) \n** DESCRIPTION: **GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the xmlXIncludeDoProcess() function in xinclude.c. By sending a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203144>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2022-43548](<https://vulners.com/cve/CVE-2022-43548>) \n** DESCRIPTION: **Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by an insufficient IsAllowedHost check. By sending a specially-crafted DBS request using an invalid octal address, an attacker could exploit this vulnerability to conduct a DNS rebinding attack and execute arbitrary commands on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241552](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241552>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-35256](<https://vulners.com/cve/CVE-2022-35256>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-35255](<https://vulners.com/cve/CVE-2022-35255>) \n** DESCRIPTION: **Node.js could provide weaker than expected security, caused by the failure to check the return value after calls are made to EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236965](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236965>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-21680](<https://vulners.com/cve/CVE-2022-21680>) \n** DESCRIPTION: **Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in block.def. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-45061](<https://vulners.com/cve/CVE-2022-45061>) \n** DESCRIPTION: **Python is vulnerable to a denial of service, caused by an unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a CPU denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24434](<https://vulners.com/cve/CVE-2022-24434>) \n** DESCRIPTION: **Node.js dicer module is vulnerable to a denial of service. By sending a specially-crafted form to server, a remote attacker could exploit this vulnerability to crash the node.js service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227085](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227085>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-38900](<https://vulners.com/cve/CVE-2022-38900>) \n** DESCRIPTION: **decode-uri-component is vulnerable to a denial of service, caused by improper input validation by the decodeComponents function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241069](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241069>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-22569](<https://vulners.com/cve/CVE-2021-22569>) \n** DESCRIPTION: **Google Protocol Buffer (protobuf-java) is vulnerable to a denial of service, caused by an issue with allow interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open a specially-crafted content, a remote attacker could exploit this vulnerability to cause a timeout in ProtobufFuzzer function, and results in a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216851](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216851>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-5237](<https://vulners.com/cve/CVE-2015-5237>) \n** DESCRIPTION: **Google Protocol Buffers could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in MessageLite::SerializeToString. A remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/105989](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105989>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-34165](<https://vulners.com/cve/CVE-2022-34165>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229429>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-24728](<https://vulners.com/cve/CVE-2022-24728>) \n** DESCRIPTION: **CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222035](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222035>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** IBM X-Force ID: **217346 \n** DESCRIPTION: **swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/217346 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217346>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** IBM X-Force ID: **221508 \n** DESCRIPTION: **Swagger UI could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the OpenAPI definitions. An attacker could exploit this vulnerability using the ?url parameter in a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/221508 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cognos Analytics| 11.2.x \nIBM Cognos Analytics| 11.1.x \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading.\n\n**Product(s) \n**| **Version(s) \n**| **Remediation/Fix/Instructions \n** \n---|---|--- \nIBM Cognos Analytics| \n\n11.2.x\n\n| \n\n[IBM Cognos Analytics 11.2.4.1 IF1](<https://www.ibm.com/support/pages/node/6982949>) \n \nIBM Cognos Analytics| \n\n11.1.x\n\n| \n\n[IBM Cognos Analytics 11.1.7 Fix Pack 7](<https://www.ibm.com/support/pages/node/6985631>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-05T16:01:31", "type": "ibm", "title": "Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5237", "CVE-2021-22569", "CVE-2021-3516", "CVE-2021-3518", "CVE-2021-39036", "CVE-2022-21680", "CVE-2022-21681", "CVE-2022-24434", "CVE-2022-24728", "CVE-2022-24729", "CVE-2022-31129", "CVE-2022-3171", "CVE-2022-32212", "CVE-2022-32213", "CVE-2022-32214", "CVE-2022-32215", "CVE-2022-32223", "CVE-2022-34165", "CVE-2022-35255", "CVE-2022-35256", "CVE-2022-38900", "CVE-2022-39135", "CVE-2022-41881", "CVE-2022-43548", "CVE-2022-45061"], "modified": "2023-05-05T16:01:31", "id": "AB24944DBEBE38F0BC5C45F998163889F0AE20E03F8A7A1E3E7A7BAC40D872C2", "href": "https://www.ibm.com/support/pages/node/6986505", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:49:02", "description": "## Summary\n\nIBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment (CVE-2022-35255, CVE-2022-35256). Node-tar is a full function tar library for node.js (CVE-2018-20834). Swagger UI is used to visualize and interact with the API resources (CVE-2016-5682, CVE-2018-25031, CVE-2019-17495). FasterXML Jackson is a JSON to Java object conversion API (CVE-2022-42003, CVE-2022-42004). SnakeYAML is a Java-based YAML parsing and serialization library (CVE-2022-25857). CKEditor is a WYSIWYG rich text editor which can be directly inside web pages or application (CVE-2022-24728, CVE-2022-24729). Google protobuf-java is a neutral extensible mechanism for serializing structured data (CVE-2022-3171, CVE-2022-3509, CVE-2022-3510). JetBrains Kotlin is a cross-platform, statically typed, general-purpose programming language (CVE-2020-29582, CVE-2022-24329). Netty is a Java-based non-blocking I/O networking framework (CVE-2022-41881, CVE-2022-41915). Node.js qs is a query string parsing and stringifying library (CVE-2022-24999). MySQL (CVE-2022-39410, CVE-2022-21641, CVE-2022-39408, CVE-2022-39400, CVE-2022-21640, CVE-2022-21637, CVE-2022-21550, CVE-2022-21519, CVE-2022-21490). These vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-20834](<https://vulners.com/cve/CVE-2018-20834>) \n** DESCRIPTION: **node-tar could allow a remote attacker to overwrite arbitrary files, caused by a conjunction when extracting a tarball containing a hardlink to a file. An attacker could exploit this vulnerability to overwrite arbitrary files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161634](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161634>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-17495](<https://vulners.com/cve/CVE-2019-17495>) \n** DESCRIPTION: **Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the relative path overwrite (RPO) attack technique, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169050](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169050>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-5682](<https://vulners.com/cve/CVE-2016-5682>) \n** DESCRIPTION: **Swagger-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Definitions section. A remote attacker could exploit this vulnerability using the 'Default' field to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/125372](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125372>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-25031](<https://vulners.com/cve/CVE-2018-25031>) \n** DESCRIPTION: **swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217346](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217346>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-39410](<https://vulners.com/cve/CVE-2022-39410>) \n** DESCRIPTION: **Oracle MySQL is vulnerable to a denial of service, caused by a flaw in the Optimizer component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a hang or frequently repeatable crash. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238757](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238757>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21641](<https://vulners.com/cve/CVE-2022-21641>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238774](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238774>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-39408](<https://vulners.com/cve/CVE-2022-39408>) \n** DESCRIPTION: **Oracle MySQL is vulnerable to a denial of service, caused by a flaw in the Optimizer component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a hang or frequently repeatable crash. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238755](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238755>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-39400](<https://vulners.com/cve/CVE-2022-39400>) \n** DESCRIPTION: **Oracle MySQL is vulnerable to a denial of service, caused by a flaw in the Optimizer component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a hang or frequently repeatable crash. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21640](<https://vulners.com/cve/CVE-2022-21640>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238773](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238773>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21637](<https://vulners.com/cve/CVE-2022-21637>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238770](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238770>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-29582](<https://vulners.com/cve/CVE-2020-29582>) \n** DESCRIPTION: **JetBrains Kotlin could allow a local authenticated attacker to obtain sensitive information, caused by an insecure permission flaw when creating temporary file and folder by the Java API. By gaining access to the temporary directory, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196239](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196239>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-42004](<https://vulners.com/cve/CVE-2022-42004>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42003](<https://vulners.com/cve/CVE-2022-42003>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-25857](<https://vulners.com/cve/CVE-2022-25857>) \n** DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-3171](<https://vulners.com/cve/CVE-2022-3171>) \n** DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24729](<https://vulners.com/cve/CVE-2022-24729>) \n** DESCRIPTION: **CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the dialog plugin. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a significant performance drop and results in a browser tab freeze. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222037](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222037>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24329](<https://vulners.com/cve/CVE-2022-24329>) \n** DESCRIPTION: **JetBrains Kotlin could provide weaker than expected security, caused by failing to lock dependencies for Multiplatform Gradle Projects. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-3509](<https://vulners.com/cve/CVE-2022-3509>) \n** DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for textformat data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239915](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239915>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-3510](<https://vulners.com/cve/CVE-2022-3510>) \n** DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for Message-Type Extensions. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239916](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239916>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-35256](<https://vulners.com/cve/CVE-2022-35256>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-35255](<https://vulners.com/cve/CVE-2022-35255>) \n** DESCRIPTION: **Node.js could provide weaker than expected security, caused by the failure to check the return value after calls are made to EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236965](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236965>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-41881](<https://vulners.com/cve/CVE-2022-41881>) \n** DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted message, a remote attacker could exploit this vulnerability to cause an infinite recursion, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242087](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242087>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-41915](<https://vulners.com/cve/CVE-2022-41915>) \n** DESCRIPTION: **Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an iterator of values. A remote attacker could exploit this vulnerability to inject arbitrary HTTP/1.1 response header in some form and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242595>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-24999](<https://vulners.com/cve/CVE-2022-24999>) \n** DESCRIPTION: **Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240815](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240815>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24728](<https://vulners.com/cve/CVE-2022-24728>) \n** DESCRIPTION: **CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222035](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222035>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-21550](<https://vulners.com/cve/CVE-2022-21550>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to take control of the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231576](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231576>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-21519](<https://vulners.com/cve/CVE-2022-21519>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231546](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231546>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21490](<https://vulners.com/cve/CVE-2022-21490>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to take control of the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224772](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224772>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Affected Version(s) \n---|--- \nIBM Planning Analytics Workspace| 2.0 \n \n## Remediation/Fixes\n\nIt is strongly recommended that you apply the most recent security update:\n\nProduct(s)| Versions(s)| Remediation/Fix/Instructions \n---|---|--- \nIBM Planning Analytics Workspace| 2.0| [Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 83 from Fix Central](<https://www.ibm.com/support/pages/node/6857261> \"Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 83 from Fix Central\" ) \n \n \nThis Security Bulletin is applicable to IBM Planning Analytics 2.0 on premise offerings. The vulnerability listed above has been addressed on IBM Planning Analytics with Watson and no further action is required.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-27T20:06:13", "type": "ibm", "title": "Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilties", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5682", "CVE-2018-20834", "CVE-2018-25031", "CVE-2019-17495", "CVE-2020-29582", "CVE-2022-21490", "CVE-2022-21519", "CVE-2022-21550", "CVE-2022-21637", "CVE-2022-21640", "CVE-2022-21641", "CVE-2022-24329", "CVE-2022-24728", "CVE-2022-24729", "CVE-2022-24999", "CVE-2022-25857", "CVE-2022-3171", "CVE-2022-3509", "CVE-2022-3510", "CVE-2022-35255", "CVE-2022-35256", "CVE-2022-39400", "CVE-2022-39408", "CVE-2022-39410", "CVE-2022-41881", "CVE-2022-41915", "CVE-2022-42003", "CVE-2022-42004"], "modified": "2023-01-27T20:06:13", "id": "E7E3551B3BD388636A37375B3F6439FA5E8D471B186B7E9F88305EC0A265E5D7", "href": "https://www.ibm.com/support/pages/node/6848023", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:51:47", "description": "## Summary\n\nIBM Data Risk Manager (IDRM) 2.0.6.14, which is the only supported version, is impacted by multiple vulnerabilities including Apache Commons Text 1.9 (CVE-2022-42889). The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.15 which includes Apache Commons Text 1.10. Please see the remediation steps below to apply the fix. All customers are encouraged to act quickly to update their systems.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-38750](<https://vulners.com/cve/CVE-2022-38750>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235312](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235312>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38751](<https://vulners.com/cve/CVE-2022-38751>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235311](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235311>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38749](<https://vulners.com/cve/CVE-2022-38749>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38752](<https://vulners.com/cve/CVE-2022-38752>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21541](<https://vulners.com/cve/CVE-2022-21541>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231568](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231568>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-21540](<https://vulners.com/cve/CVE-2022-21540>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231567](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231567>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-42252](<https://vulners.com/cve/CVE-2022-42252>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239171](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239171>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-31692](<https://vulners.com/cve/CVE-2022-31692>) \n** DESCRIPTION: **VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include dispatcher types. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass authorization rules. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-31690](<https://vulners.com/cve/CVE-2022-31690>) \n** DESCRIPTION: **VMware Tanzu Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239738](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239738>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-36033](<https://vulners.com/cve/CVE-2022-36033>) \n** DESCRIPTION: **jsoup is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-32250](<https://vulners.com/cve/CVE-2022-32250>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free write flaw in the netfilter subsystem. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/228676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-31160](<https://vulners.com/cve/CVE-2022-31160>) \n** DESCRIPTION: **jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-25857](<https://vulners.com/cve/CVE-2022-25857>) \n** DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-34917](<https://vulners.com/cve/CVE-2022-34917>) \n** DESCRIPTION: **Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to allocate large amounts of memory on brokers, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236498](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236498>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-35737](<https://vulners.com/cve/CVE-2022-35737>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by an array-bounds overflow. By sending C API with specially-crafted string argument, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232832>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23457](<https://vulners.com/cve/CVE-2022-23457>) \n** DESCRIPTION: **ESAPI could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)`. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass control-flow. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225192](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225192>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-24891](<https://vulners.com/cve/CVE-2022-24891>) \n** DESCRIPTION: **ESAPI is vulnerable to cross-site scripting, caused by incorrect regular expression for onsiteURL in the antisamy-esapi.xml configuration file. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225344](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225344>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-31679](<https://vulners.com/cve/CVE-2022-31679>) \n** DESCRIPTION: **VMWare Spring Data REST could allow a remote attacker to obtain sensitive information. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-7226](<https://vulners.com/cve/CVE-2020-7226>) \n** DESCRIPTION: **Cryptacular is vulnerable to a denial of service, caused by an excessive memory allocation during a decode operation in CiphertextHeader.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175399](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175399>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-3676](<https://vulners.com/cve/CVE-2022-3676>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a specially-crafted request using bytecode, an attacker could exploit this vulnerability to access or modify memory. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239608](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239608>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-40149](<https://vulners.com/cve/CVE-2022-40149>) \n** DESCRIPTION: **jettison-json Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML or JSON data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236352](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236352>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40150](<https://vulners.com/cve/CVE-2022-40150>) \n** DESCRIPTION: **jettison-json Jettison is vulnerable to a denial of service, caused by an out of memory flaw. By sending a specially-crafted XML or JSON data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21628](<https://vulners.com/cve/CVE-2022-21628>) \n** DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238623](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238623>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21624](<https://vulners.com/cve/CVE-2022-21624>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21619](<https://vulners.com/cve/CVE-2022-21619>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-36518](<https://vulners.com/cve/CVE-2020-36518>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-2163](<https://vulners.com/cve/CVE-2021-2163>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200292](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200292>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-2625](<https://vulners.com/cve/CVE-2022-2625>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper control of the modification of dynamically-determined object attributes. By creating a specially-crafted object using at least one schema, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233970](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233970>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-3171](<https://vulners.com/cve/CVE-2022-3171>) \n** DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-31197](<https://vulners.com/cve/CVE-2022-31197>) \n** DESCRIPTION: **PostgreSQL is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to PGJDBC implementation of the java.sql.ResultRow.refreshRow() method, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232820](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232820>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-31129](<https://vulners.com/cve/CVE-2022-31129>) \n** DESCRIPTION: **Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230690](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230690>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24785](<https://vulners.com/cve/CVE-2022-24785>) \n** DESCRIPTION: **Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could send a specially-crafted locale string containing \"dot dot\" sequences (/../) to switch arbitrary moment locale. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-42003](<https://vulners.com/cve/CVE-2022-42003>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42004](<https://vulners.com/cve/CVE-2022-42004>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** IBM X-Force ID: **186425 \n** DESCRIPTION: **The jose.4.j library could allow a remote attacker to obtain sensitive information, caused by an Elliptic Curve Key Disclosure if the JWK's Header Parameter includes the public key. An attacker could generate a private key/public key pair and send the public key together with the signature resulting in the invalidation of the signature. \nCVSS Base score: 8.7 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/186425 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM DRM| 2.0.6.14 \n \n\n\n## Remediation/Fixes\n\nTo obtain fixes for all reported issues, customers are advised first to upgrade to v2.0.6.14, and then apply the latest FixPack 2.0.6.15.\n\n_Product_| _VRMF_| _APAR \n_| _Remediation / First Fix_ \n---|---|---|--- \nIBM Data Risk Manager| 2.0.6.14| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.15_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.14&platform=Linux&function=all> \"DRM_2.0.6.15_FixPack\" ) \n \n---|---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-08T04:10:27", "type": "ibm", "title": "Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36518", "CVE-2020-7226", "CVE-2021-2163", "CVE-2022-21540", "CVE-2022-21541", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-23457", "CVE-2022-24785", "CVE-2022-24891", "CVE-2022-25857", "CVE-2022-2625", "CVE-2022-31129", "CVE-2022-31160", "CVE-2022-31197", "CVE-2022-31679", "CVE-2022-31690", "CVE-2022-31692", "CVE-2022-3171", "CVE-2022-32250", "CVE-2022-33980", "CVE-2022-34917", "CVE-2022-35737", "CVE-2022-36033", "CVE-2022-3676", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42252", "CVE-2022-42889"], "modified": "2022-12-08T04:10:27", "id": "7A34C5EA3878227646136480AF345DCC5DF882B26F65D3380EC0064BCCA45485", "href": "https://www.ibm.com/support/pages/node/6846157", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:10:24", "description": "## Summary\n\nCloud Pak for Automation has released cummulative security fixes addressing vulnerabilities in several of its components.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-37701](<https://vulners.com/cve/CVE-2021-37701>) \n**DESCRIPTION: **Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an arbitrary file creation/overwrite vulnerability. By creating a directory, and then replacing that directory with a symlink, an attacker could use an untrusted tar file to symlink into an arbitrary location and extract arbitrary files into that location to create or overwrite arbitrary files and execute arbitrary code on the system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208442](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208442>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2021-23840](<https://vulners.com/cve/CVE-2021-23840>) \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196848](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196848>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-23841](<https://vulners.com/cve/CVE-2021-23841>) \n**DESCRIPTION

Oracle Business Intelligence Publisher 5.9.x &lt; 5.9.0(OAS) (Oct 2022 CPU)

Description

Related

Oracle Business Intelligence Publisher 5.9.x < 5.9.0(OAS) (Oct 2022 CPU)