6 matches found
Security Bulletin: IBM Security Verify Governance is vulnerable to sensitive information exposure and denial of service (CVE-2021-31403, CVE-2021-33609)
Summary IBM Security Verify Governance is vulnerable to sensitive information exposure and denial of service due to vulnerabilities in Vaadin JAR. The fix involves upgrading the Vaadin JAR to the patched version. Vulnerability Details CVEID:CVE-2021-31403 DESCRIPTION: Vaadin could allow a local...
Security Bulletin: IBM Security Verify Governance is vulnerable to sensitive information exposure (CVE-2021-31403)
Summary IBM Security Verify Governance is vulnerable to sensitive information exposure due to vulnerabilities in Vaadin JAR CVE-2021-31403. The fix involves upgrading the Vaadin JAR to the patched version. Vulnerability Details CVEID:CVE-2021-31403 DESCRIPTION: Vaadin could allow a local attacker...
CVE-2021-31403
CVE-2021-31403 is a timing-side-channel vulnerability in Vaadin’s UIDL request handler (com.vaadin:vaadin-server). A non-constant-time comparison of CSRF tokens can let a local attacker guess the token. Affected are Vaadin Server versions: 7.0.0–7.7.23 and 8.0.0–8.12.2. IBM advisories describe it...
ca.qc.ircm:plate-layout (=0.8), com.github.mvysny.karibudsl:karibu-dsl-v8 (>=1.0.0 <=1.0.4) +65 more potentially affected by CVE-2021-31403 via com.vaadin:vaadin-server (>=8.0.0 <=8.12.2)
com.vaadin:vaadin-server MAVEN version =8.0.0, =1.0.0, =1.0.0, =1.1.20, =1.0.0, =2.0.3, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.12.2 and more Source cves: CVE-2021-31403 Source advisory: OSV:GHSA-75XC-QVXH-27F8...
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 Vaadin 7.0.0 through 7.7.23, and 8.0.0 through 8.12.2 Vaadin 8.0.0 through 8.12.2 allows attacker to guess a security token via timing attack -...
CVE-2021-31403
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 Vaadin 7.0.0 through 7.7.23, and 8.0.0 through 8.12.2 Vaadin 8.0.0 through 8.12.2 allows attacker to guess a security token via timing attack...