45 matches found
ROS-20251216-7307
A vulnerability in the FTP Client component of the Apache Commons Net library is related to the use of open redirection with insufficient input data validation during PASV response processing. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected...
EUVD-2022-7599
Malicious code in bioql PyPI...
Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure due to Apache Commons Net FTP client behavior (CVE-2021-37533)
Summary: Apache Commons Net could allow an attacker to cause information exposure due to improper input validation in the FTP client component. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default....
Linux Distros Unpatched Vulnerability : CVE-2021-37533
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a...
Security Bulletin: IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure (CVE-2021-37533)
Summary: IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure CVE-2021-37533. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP clien...
RHEL 9 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-commons-net: FTP client trusts the host from PASV response by default CVE-2021-37533 - Those using...
RHEL 7 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - log4j: Socket receiver deserialization vulnerability CVE-2017-5645 - UNSUPPORTED WHEN ASSIGNED When using...
RHEL 9 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies CVE-2023-26049 -...
RHEL 8 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-commons-net: FTP client trusts the host from PASV response by default CVE-2021-37533 - Those using...
pki-core:10.6 and pki-deps:10.6 security update
apache-commons-collections apache-commons-lang apache-commons-net bea-stax fasterxml-oss-parent 49-1 - Rebase to upstream version 49 26-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 26-5 - Fix license tag 26-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora27MassRebuild...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Commons Net (CVE-2032-37533)
Summary: The IBM Integration Bus for z/OS toolkit is vulnerable to a remote attack due to Apache Commons Net. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain...
Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2021-37533
Summary: IBM WebSphere Adapter for FTP is shipped with IBM Business Automation Workflow bundles a vulnerable copy of Apache commons-net. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with...
[SECURITY] Fedora 40 Update: apache-commons-net-3.10.0-5.fc40
This is an Internet protocol suite Java library originally developed by ORO, Inc. This version supports Finger, Whois, TFTP, Telnet, POP3, FTP, NNTP, SMTP, and some miscellaneous protocols like Time and Echo as well as BSD R command support. The purpose of the library is to provide fundamental...
Security Bulletin: There is a vulnerability in Apache Commons Net used by IBM Jazz Reporting Service (CVE-2021-37533)
Summary: There is a vulnerability in Apache Commons Net used by IBM Jazz Reporting Service. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusts the host from PASV...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to sensitive info exposure due to Apache Commons Net (CVE-2021-37533)
Summary: IBM Sterling Connect:Direct Web Services uses Apache Commons Net which has a sensitive information exposure via remote attacker vulnerability. Issue has been addressed. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain...
Security Bulletin: There is a vulnerability in Apache Commons Net used by IBM Maximo Asset Management (CVE-2021-37533)
Summary: There is a vulnerability in Apache Commons Net used by IBM Maximo Asset Management. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusts the host from PASV...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to remote code execution due to Apache Commons Net (CVE-2021-37533)
Summary: Apache Commons Net is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web service infrastructure. Information about security vulnerabilities affecting Apache Commons Net has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Apache...
apache-commons-net: FTP client trusts the host from PASV response by default
A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a local user accessing sensitive information due to IBM MQ Managed File Transfer and Apache Commons Net (CVE-2021-37533, CVE-2022-42436, CVE-2022-43919)
Summary: IBM App Connect Enterprise and IBM Integration Bus FTE nodes are vulnerable to an issue in IBM MQ Managed File Transfer where a local user can obtain sensitive information from diagnostic files and Apache Commons Net could allow a remote attack CVE-2021-37533, CVE-2022-42436,...
Security Bulletin: There is a vulnerability in Apache Commons Net used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2021-37533)
Summary: There is a vulnerability in Apache Commons Net used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP...