Lucene search
+L

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/04/20 10:39 a.m.36 views

Security Bulletin: IBM Security Verify Governance is vulnerable to sensitive information exposure and denial of service (CVE-2021-31403, CVE-2021-33609)

Summary IBM Security Verify Governance is vulnerable to sensitive information exposure and denial of service due to vulnerabilities in Vaadin JAR. The fix involves upgrading the Vaadin JAR to the patched version. Vulnerability Details CVEID:CVE-2021-31403 DESCRIPTION: Vaadin could allow a local...

4.3CVSS5.2AI score0.00915EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 12:42 p.m.29 views

Security Bulletin: IBM Security Verify Governance is vulnerable to sensitive information exposure (CVE-2021-31403)

Summary IBM Security Verify Governance is vulnerable to sensitive information exposure due to vulnerabilities in Vaadin JAR CVE-2021-31403. The fix involves upgrading the Vaadin JAR to the patched version. Vulnerability Details CVEID:CVE-2021-31403 DESCRIPTION: Vaadin could allow a local attacker...

4CVSS4.4AI score0.00306EPSS
Exploits0Affected Software1
CVE
CVE
added 2021/04/23 4:5 p.m.210 views

CVE-2021-31403

CVE-2021-31403 is a timing-side-channel vulnerability in Vaadin’s UIDL request handler (com.vaadin:vaadin-server). A non-constant-time comparison of CSRF tokens can let a local attacker guess the token. Affected are Vaadin Server versions: 7.0.0–7.7.23 and 8.0.0–8.12.2. IBM advisories describe it...

4CVSS3.6AI score0.00306EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2021/04/19 2:51 p.m.4 views

ca.qc.ircm:plate-layout (=0.8), com.github.mvysny.karibudsl:karibu-dsl-v8 (>=1.0.0 <=1.0.4) +65 more potentially affected by CVE-2021-31403 via com.vaadin:vaadin-server (>=8.0.0 <=8.12.2)

com.vaadin:vaadin-server MAVEN version =8.0.0, =1.0.0, =1.0.0, =1.1.20, =1.0.0, =2.0.3, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.12.2 and more Source cves: CVE-2021-31403 Source advisory: OSV:GHSA-75XC-QVXH-27F8...

4CVSS5.8AI score0.00306EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/04/19 2:51 p.m.62 views

Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 Vaadin 7.0.0 through 7.7.23, and 8.0.0 through 8.12.2 Vaadin 8.0.0 through 8.12.2 allows attacker to guess a security token via timing attack -...

4CVSS3.9AI score0.00306EPSS
Exploits0References6Affected Software2
ATTACKERKB
ATTACKERKB
added 2021/02/12 9:17 a.m.2 views

CVE-2021-31403

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 Vaadin 7.0.0 through 7.7.23, and 8.0.0 through 8.12.2 Vaadin 8.0.0 through 8.12.2 allows attacker to guess a security token via timing attack...

4CVSS6.1AI score0.00306EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder