Lucene search
K

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/04/20 10:39 a.m.36 views

Security Bulletin: IBM Security Verify Governance is vulnerable to sensitive information exposure and denial of service (CVE-2021-31403, CVE-2021-33609)

Summary IBM Security Verify Governance is vulnerable to sensitive information exposure and denial of service due to vulnerabilities in Vaadin JAR. The fix involves upgrading the Vaadin JAR to the patched version. Vulnerability Details CVEID:CVE-2021-31403 DESCRIPTION: Vaadin could allow a local...

4.3CVSS5.2AI score0.00915EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2021/10/13 6:54 p.m.4 views

ca.qc.ircm:plate-layout (=0.8), com.github.mvysny.karibudsl:karibu-dsl-v8 (>=1.0.0 <=1.0.8) +68 more potentially affected by CVE-2021-33609 via com.vaadin:vaadin-server (>=8.0.0 <=8.14.0)

com.vaadin:vaadin-server MAVEN version =8.0.0, =1.0.0, =1.0.0, =1.1.20, =2.0.0, =1.0.0, =2.0.3, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.14.0 and more Source cves: CVE-2021-33609 Source advisory: OSV:GHSA-J23J-Q57M-63V3...

4.3CVSS5.8AI score0.00915EPSS
Exploits0
NVD
NVD
added 2021/10/13 11:15 a.m.15 views

CVE-2021-33609

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 Vaadin 8.0.0 through 8.14.0 allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...

4.3CVSS0.00915EPSS
Exploits0References2
OSV
OSV
added 2021/10/13 11:15 a.m.36 views

CVE-2021-33609

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 Vaadin 8.0.0 through 8.14.0 allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...

4.3CVSS4.5AI score0.00915EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/10/13 10:58 a.m.25 views

CVE-2021-33609 Denial of service in DataCommunicator class in Vaadin 8

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 Vaadin 8.0.0 through 8.14.0 allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...

4.3CVSS4.8AI score0.00915EPSS
Exploits0References2
CVE
CVE
added 2021/10/13 10:58 a.m.245 views

CVE-2021-33609

CVE-2021-33609 affects Vaadin’s DataCommunicator in com.vaadin:vaadin-server, with versions 8.0.0–8.14.0 vulnerable to heap exhaustion when an authenticated network attacker requests too many rows of data. Connected sources consistently describe this as a Denial of Service by missing a check in D...

4.3CVSS4.4AI score0.00915EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder