Lucene search
+L

46 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 6:2 p.m.37 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons Net (CVE-2021-37533)

Summary A vulnerability in Apache Commons Net used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusts the host from...

6.5CVSS6.3AI score0.01858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 3:25 p.m.51 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

7.5CVSS7.5AI score0.0276EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/28 11:46 a.m.47 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use FTE nodes may be vulnerable to loss of confidentiality due to [CVE-2021-37533]

Summary Apache Commons Net is used by IBM App Connect Enterprise Certified Container in the FTE Nodes. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use FTE nodes may be vulnerable to loss of confidentiality. This bulletin provides patch...

6.5CVSS6.4AI score0.01858EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/04/28 10:19 a.m.8 views

USN-6037-1 Apache Commons Net vulnerability

ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private...

6.5CVSS6.8AI score0.01858EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/04/25 12:0 a.m.29 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Commons Net vulnerability (USN-6037-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6037-1 advisory. ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote...

6.5CVSS6.5AI score0.01858EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/30 7:16 p.m.36 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to sensitive information disclosure due to Apache Commons Net (CVE-2021-37533)

Summary Apache Commons Net is used by the included zOS Utility plugin FTP Artifacts step to connect to remote FTP servers. By persuading a victim to connect to a specially-crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private...

6.5CVSS6.4AI score0.01858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/27 8:13 p.m.69 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote code execution from Apache Commons Net (CVE-2021-37533)

Summary Apache Common Net is used by IBM Tivoli Netcool Impact to provide telnet connectivity for the CommandResponse service. IBM Tivoli Netcool Impact has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to...

6.5CVSS6.3AI score0.01858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/09 10:16 p.m.61 views

Security Bulletin: IBM MQ is affected by a vulnerability in Apache Commons Net (CVE-2021-37533)

Summary IBM MQ Managed File Transfer is affected by a vulnerability in Apache Commons Net. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusting the host from PASV...

6.5CVSS6.4AI score0.01858EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2023/02/15 6:59 a.m.32 views

CVE-2021-37533

A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of...

6.5CVSS6.5AI score0.01858EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.6 views

SUSE CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...

6.5CVSS8.2AI score0.01858EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2023/01/13 12:0 a.m.7 views

The vulnerability of the FTP Client component in the Apache Commons Net library allows a hacker to gain unauthorized access to protected information and perform a CSRF attack.

The vulnerability of the FTP Client component in the Apache Commons Net library arises from the use of open redirection when input data is not properly verified during the processing of PASV responses. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

7.8CVSS6.4AI score0.01858EPSS
Exploits0References8Affected Software4
OpenVAS
OpenVAS
added 2022/12/05 12:0 a.m.29 views

Apache Commons Net < 3.9.0 Information Disclosure Vulnerability

The Apache Commons Net library is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.7AI score0.01858EPSS
Exploits0References3
OSV
OSV
added 2022/12/03 3:30 p.m.42 views

GHSA-CGP8-4M63-FHH5 Apache Commons Net vulnerable to information leakage via malicious server

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...

6.5CVSS6.6AI score0.01858EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/12/03 3:30 p.m.67 views

Apache Commons Net vulnerable to information leakage via malicious server

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...

6.5CVSS6.6AI score0.01858EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2022/12/03 3:15 p.m.29 views

CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...

6.5CVSS0.01858EPSS
Exploits0References4
OSV
OSV
added 2022/12/03 3:15 p.m.39 views

CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...

6.5CVSS6.4AI score
Exploits0References4
OSV
OSV
added 2022/12/03 3:15 p.m.3 views

DEBIAN-CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...

6.5CVSS6.4AI score0.01858EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2022/12/03 3:15 p.m.71 views

CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...

6.5CVSS6.7AI score0.01858EPSS
Exploits0References5
Prion
Prion
added 2022/12/03 3:15 p.m.24 views

Design/Logic Flaw

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...

4.3CVSS6.4AI score0.01858EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2022/12/03 3:15 p.m.6 views

UBUNTU-CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...

6.5CVSS6.8AI score0.01858EPSS
Exploits0References6
Rows per page
Query Builder