Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-33900
HistoryJul 26, 2021 - 7:15 a.m.

CVE-2021-33900

2021-07-2607:15:07
CWE-311
CWE-319
[email protected]
web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

21.8%

JSON

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.

Affected configurations

NVD
Node
apachedirectory_studioRange1.5.3
OR
apachedirectory_studioMatch2.0.0milestone1
OR
apachedirectory_studioMatch2.0.0milestone10
OR
apachedirectory_studioMatch2.0.0milestone11
OR
apachedirectory_studioMatch2.0.0milestone12
OR
apachedirectory_studioMatch2.0.0milestone13
OR
apachedirectory_studioMatch2.0.0milestone14
OR
apachedirectory_studioMatch2.0.0milestone15
OR
apachedirectory_studioMatch2.0.0milestone16
OR
apachedirectory_studioMatch2.0.0milestone2
OR
apachedirectory_studioMatch2.0.0milestone3
OR
apachedirectory_studioMatch2.0.0milestone4
OR
apachedirectory_studioMatch2.0.0milestone5
OR
apachedirectory_studioMatch2.0.0milestone6
OR
apachedirectory_studioMatch2.0.0milestone7
OR
apachedirectory_studioMatch2.0.0milestone8
OR
apachedirectory_studioMatch2.0.0milestone9

Related

github 1
cve 1
veracode 1
prion 1
cvelist 1
ubuntucve 1
osv 2
github
github
Missing encryption in Apache Directory Studio
2021-08-09 20:40:53
cve
cve
CVE-2021-33900
2021-07-26 07:15:07
veracode
veracode
Confidentiality Protection Bypass
2021-08-11 08:49:38
prion
prion
Authentication flaw
2021-07-26 07:15:00
cvelist
cvelist
CVE-2021-33900 StartTLS and SASL confidentiality protection bypass
2021-07-26 07:05:10
ubuntucve
ubuntucve
CVE-2021-33900
2021-07-26 00:00:00
osv
osv
Missing encryption in Apache Directory Studio
2021-08-09 20:40:53
CVE-2021-33900
2021-07-26 07:15:07

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

21.8%

JSON
Related for NVD:CVE-2021-33900
github1cve1veracode1prion1cvelist1ubuntucve1osv2