ROS-20251216-7307
A vulnerability in the FTP Client component of the Apache Commons Net library is related to the use of open redirection with insufficient input data validation during PASV response processing. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected...
EUVD-2022-7599
Malicious code in bioql PyPI...
Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure due to Apache Commons Net FTP client behavior (CVE-2021-37533)
Summary Apache Commons Net could allow an attacker to cause information exposure due to improper input validation in the FTP client component. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default....
MAL-2025-3616 Malicious code in commons-net (npm)
Source: ghsa-malware 01fc821715d3f327c2080415c9a3db5c0f95a8a9f36135b0e6efb377796227da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in commons-net (npm)
Source: ghsa-malware 01fc821715d3f327c2080415c9a3db5c0f95a8a9f36135b0e6efb377796227da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2021-37533
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a...
Security Bulletin: IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure (CVE-2021-37533)
Summary IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure CVE-2021-37533 Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP clien...
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8
Summary Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...
RHEL 9 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-commons-net: FTP client trusts the host from PASV response by default CVE-2021-37533 - Those using...
OPENSUSE-SU-2024:12549-1 apache-commons-net-3.9.0-1.1 on GA media
These are all security issues fixed in the apache-commons-net-3.9.0-1.1 package on the GA media of openSUSE Tumbleweed...
RHEL 9 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies CVE-2023-26049 -...
RHEL 7 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - log4j: Socket receiver deserialization vulnerability CVE-2017-5645 - UNSUPPORTED WHEN ASSIGNED When using...
RHEL 8 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-commons-net: FTP client trusts the host from PASV response by default CVE-2021-37533 - Those using...
pki-core:10.6 and pki-deps:10.6 security update
apache-commons-collections apache-commons-lang apache-commons-net bea-stax fasterxml-oss-parent 49-1 - Rebase to upstream version 49 26-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 26-5 - Fix license tag 26-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora27MassRebuild...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Commons Net (CVE-2032-37533)
Summary The IBM Integration Bus for z/OS toolkit is vulnerable to a remote attack due to Apache Commons Net. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain...
Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2021-37533
Summary IBM WebSphere Adapter for FTP, shipped with IBM Business Automation Workflow, bundles a vulnerable copy of Apache commons-net. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with...
[SECURITY] Fedora 40 Update: apache-commons-net-3.10.0-5.fc40
This is an Internet protocol suite Java library originally developed by ORO, Inc. This version supports Finger, Whois, TFTP, Telnet, POP3, FTP, NNTP, SMTP, and some miscellaneous protocols like Time and Echo as well as BSD R command support. The purpose of the library is to provide fundamental...
Security Bulletin: There is a vulnerability in Apache Commons Net used by IBM Jazz Reporting Service (CVE-2021-37533)
Summary There is a vulnerability in Apache Commons Net used by IBM Jazz Reporting Service. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusts the host from PASV...
Security Bulletin: Vulnerability found in commons-net-1.4.1.jar which is shipped with IBM® Intelligent Operations Center(CVE-2021-37533)
Summary A vulnerability has been identified in commons-net-1.4.1.jar, which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center has been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Addressing the Security vulnerability CVE-2021-37533 found in commons-net-1.4.1.jar
Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following commons-net-1.4.1.jar vulnerability and updated commons-net-1.4.1.jar to version 3.9.0 Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow ...