46 matches found
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons Net (CVE-2021-37533)
Summary A vulnerability in Apache Commons Net used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusts the host from...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use FTE nodes may be vulnerable to loss of confidentiality due to [CVE-2021-37533]
Summary Apache Commons Net is used by IBM App Connect Enterprise Certified Container in the FTE Nodes. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use FTE nodes may be vulnerable to loss of confidentiality. This bulletin provides patch...
USN-6037-1 Apache Commons Net vulnerability
ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Commons Net vulnerability (USN-6037-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6037-1 advisory. ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to sensitive information disclosure due to Apache Commons Net (CVE-2021-37533)
Summary Apache Commons Net is used by the included zOS Utility plugin FTP Artifacts step to connect to remote FTP servers. By persuading a victim to connect to a specially-crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote code execution from Apache Commons Net (CVE-2021-37533)
Summary Apache Common Net is used by IBM Tivoli Netcool Impact to provide telnet connectivity for the CommandResponse service. IBM Tivoli Netcool Impact has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to...
Security Bulletin: IBM MQ is affected by a vulnerability in Apache Commons Net (CVE-2021-37533)
Summary IBM MQ Managed File Transfer is affected by a vulnerability in Apache Commons Net. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusting the host from PASV...
CVE-2021-37533
A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of...
SUSE CVE-2021-37533
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
The vulnerability of the FTP Client component in the Apache Commons Net library allows a hacker to gain unauthorized access to protected information and perform a CSRF attack.
The vulnerability of the FTP Client component in the Apache Commons Net library arises from the use of open redirection when input data is not properly verified during the processing of PASV responses. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
Apache Commons Net < 3.9.0 Information Disclosure Vulnerability
The Apache Commons Net library is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
GHSA-CGP8-4M63-FHH5 Apache Commons Net vulnerable to information leakage via malicious server
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
Apache Commons Net vulnerable to information leakage via malicious server
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
CVE-2021-37533
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
CVE-2021-37533
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
DEBIAN-CVE-2021-37533
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
CVE-2021-37533
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
Design/Logic Flaw
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
UBUNTU-CVE-2021-37533
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...