ID

VAR-202012-1564


CVE

CVE-2020-17521


TITLE

Apache Groovy  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-014820

DESCRIPTION

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details.

Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1.
Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

Apache Groovy contains an unspecified vulnerability. Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Groovy is an object-oriented programming language based on the Java platform developed by the Apache Foundation of the United States.

Security Fix(es):

* log4j-core (CVE-2020-9488, CVE-2021-44228)
* nodejs-lodash (CVE-2019-10744)
* libthrift (CVE-2020-13949)
* xstream (CVE-2020-26217, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351)
* undertow (CVE-2020-27782, CVE-2021-3597, CVE-2021-3629, CVE-2021-3690)
* xmlbeans (CVE-2021-23926)
* batik (CVE-2020-11987)
* xmlgraphics-commons (CVE-2020-11988)
* tomcat (CVE-2020-13943)
* bouncycastle (CVE-2020-15522, CVE-2020-15522)
* groovy (CVE-2020-17521)
* tomcat (CVE-2020-17527)
* jetty (CVE-2020-27218, CVE-2020-27223, CVE-2021-28163, CVE-2021-28164, CVE-2021-28169, CVE-2021-34428)
* jackson-dataformat-cbor (CVE-2020-28491)
* jboss-remoting (CVE-2020-35510)
* kubernetes-client (CVE-2021-20218)
* netty (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409)
* spring-web (CVE-2021-22118)
* cxf-core (CVE-2021-22696)
* json-smart (CVE-2021-27568)
* jakarta.el (CVE-2021-28170)
* commons-io (CVE-2021-29425)
* sshd-core (CVE-2021-30129)
* cxf-rt-rs-json-basic (CVE-2021-30468)
* netty-codec (CVE-2021-37136, CVE-2021-37137)
* jsoup (CVE-2021-37714)
* poi (CVE-2019-12415)
* mysql-connector-java (CVE-2020-2875, CVE-2020-2934)
* wildfly (CVE-2021-3536)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/

Red Hat Security Advisory

Synopsis: Moderate: Red Hat Integration Camel-K 1.4 release and security update
Advisory ID: RHSA-2021:3205-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3205
Issue date: 2021-08-18
Cross references: RHBA-2021:79512-01
CVE Names: CVE-2020-13920 CVE-2020-17518 CVE-2020-17521 CVE-2020-26238 CVE-2020-27222 CVE-2020-27782 CVE-2020-28052 CVE-2020-29582 CVE-2021-20218 CVE-2021-27807 CVE-2021-27906 CVE-2021-30468 CVE-2021-31811

1. Summary: A minor version update (from 1.3 to 1.4) is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description: A minor version update (from 1.3 to 1.4) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238)
* californium-core: DTLS - DoS vulnerability for certificate based handshakes (CVE-2020-27222)
* undertow: special character in query results in server errors (CVE-2020-27782)
* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)
* activemq: improper authentication allows MITM attack (CVE-2020-13920)
* flink: apache-flink: directory traversal attack allows remote file writing through the REST API (CVE-2020-17518)
* groovy: OS temporary directory leads to information disclosure (CVE-2020-17521)
* kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)
* pdfbox: infinite loop while loading a crafted PDF file (CVE-2021-27807)
* cxf-rt-rs-json-basic: CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter (CVE-2021-30468)
* kotlin-scripting-jvm: kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure (CVE-2020-29582)
* pdfbox: OutOfMemory-Exception while loading a crafted PDF file (CVE-2021-27906)
* pdfbox: OutOfMemory-Exception while loading a crafted PDF file (CVE-2021-31811)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack
1901304 - CVE-2020-27782 undertow: special character in query results in server errors
1901655 - CVE-2020-26238 cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution
1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible
1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API
1922123 - CVE-2020-17521 groovy: OS temporary directory leads to information disclosure
1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
1930230 - CVE-2020-27222 californium-core: DTLS - DoS vulnerability for certificate based handshakes
1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure
1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file
1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file
1971648 - CVE-2021-31811 pdfbox: OutOfMemory-Exception while loading a crafted PDF file
1973392 - CVE-2021-30468 CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter

5. References:

https://access.redhat.com/security/cve/CVE-2020-13920
https://access.redhat.com/security/cve/CVE-2020-17518
https://access.redhat.com/security/cve/CVE-2020-17521
https://access.redhat.com/security/cve/CVE-2020-26238
https://access.redhat.com/security/cve/CVE-2020-27222
https://access.redhat.com/security/cve/CVE-2020-27782
https://access.redhat.com/security/cve/CVE-2020-28052
https://access.redhat.com/security/cve/CVE-2020-29582
https://access.redhat.com/security/cve/CVE-2021-20218
https://access.redhat.com/security/cve/CVE-2021-27807
https://access.redhat.com/security/cve/CVE-2021-27906
https://access.redhat.com/security/cve/CVE-2021-30468
https://access.redhat.com/security/cve/CVE-2021-31811
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q3/html/getting_started_with_camel_k/
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2021-Q3

6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

Trust: 2.61

sources: NVD: CVE-2020-17521 // JVNDB: JVNDB-2020-014820 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-170708 // VULMON: CVE-2020-17521 // PACKETSTORM: 165294 // PACKETSTORM: 163874 // PACKETSTORM: 163872

AFFECTED PRODUCTS

vendor: apache, model: atlas, scope: eq, version: 2.1.0

Trust: 1.0

vendor: oracle, model: agile engineering data management, scope: eq, version: 6.2.1.0

Trust: 1.0

vendor: apache, model: groovy, scope: gte, version: 2.5.0

Trust: 1.0

vendor: apache, model: groovy, scope: eq, version: 4.0.0

Trust: 1.0

vendor: oracle, model: communications services gatekeeper, scope: eq, version: 6.0

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: eq, version: 16.1

Trust: 1.0

vendor: apache, model: groovy, scope: gte, version: 3.0.0

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: lte, version: 17.12

Trust: 1.0

vendor: oracle, model: communications evolved communications application server, scope: eq, version: 7.1

Trust: 1.0

vendor: oracle, model: communications services gatekeeper, scope: eq, version: 7.0

Trust: 1.0

vendor: oracle, model: retail store inventory management, scope: eq, version: 15.0.3.5

Trust: 1.0

vendor: netapp, model: snapcenter, scope: eq, version: -

Trust: 1.0

vendor: oracle, model: agile plm mcad connector, scope: eq, version: 3.4

Trust: 1.0

vendor: oracle, model: retail merchandising system, scope: eq, version: 16.0.3

Trust: 1.0

vendor: oracle, model: insurance policy administration, scope: lte, version: 11.3.1

Trust: 1.0

vendor: oracle, model: healthcare data repository, scope: eq, version: 7.0.2

Trust: 1.0

vendor: oracle, model: agile plm mcad connector, scope: eq, version: 3.6

Trust: 1.0

vendor: oracle, model: ilearning, scope: eq, version: 6.3

Trust: 1.0

vendor: apache, model: groovy, scope: gte, version: 2.0.0

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: eq, version: 16.2

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: eq, version: 18.8

Trust: 1.0

vendor: oracle, model: communications brm - elastic charging engine, scope: eq, version: 11.3.0.9.0

Trust: 1.0

vendor: oracle, model: retail bulk data integration, scope: eq, version: 16.0.3.0

Trust: 1.0

vendor: oracle, model: retail store inventory management, scope: eq, version: 16.0.3.5

Trust: 1.0

vendor: oracle, model: business process management suite, scope: eq, version: 12.2.1.3.0

Trust: 1.0

vendor: apache, model: groovy, scope: lte, version: 3.0.6

Trust: 1.0

vendor: oracle, model: business process management suite, scope: eq, version: 12.2.1.4.0

Trust: 1.0

vendor: oracle, model: agile plm, scope: eq, version: 9.3.6

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: gte, version: 17.12.0

Trust: 1.0

vendor: oracle, model: communications diameter signaling router, scope: eq, version: 8.4.0.0

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: gte, version: 17.7

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: lte, version: 17.12.10

Trust: 1.0

vendor: oracle, model: jd edwards enterpriseone orchestrator, scope: eq, version: 9.2.6.0

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: eq, version: 19.12

Trust: 1.0

vendor: apache, model: groovy, scope: lte, version: 2.4.20

Trust: 1.0

vendor: oracle, model: communications brm - elastic charging engine, scope: eq, version: 12.0.0.3

Trust: 1.0

vendor: oracle, model: insurance policy administration, scope: gte, version: 11.0

Trust: 1.0

vendor: apache, model: groovy, scope: lte, version: 2.5.13

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: eq, version: 20.12

Trust: 1.0

vendor: oracle, model: retail store inventory management, scope: eq, version: 14.1.3.10

Trust: 1.0

vendor: oracle, model: hospitality opera 5, scope: eq, version: 5.6

Trust: 1.0

vendor: oracle, model: ilearning, scope: eq, version: 6.2

Trust: 1.0

vendor: oracle, model: communications services gatekeeper, scope: eq, version: 6.1

Trust: 1.0

vendor: oracle, model: agile plm, scope: eq, version: 9.3.3

Trust: 1.0

vendor: oracle, model: retail bulk data integration, scope: eq, version: 15.0.3.0

Trust: 1.0

vendor: netapp, model: snapcenter, scope: -, version: -

Trust: 0.8

vendor: オラクル, model: oracle retail bulk data integration, scope: -, version: -

Trust: 0.8

vendor: apache, model: groovy, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014820 // NVD: CVE-2020-17521

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-17521
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-17521
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202012-422
value: MEDIUM

Trust: 0.6

VULHUB: VHN-170708
value: LOW

Trust: 0.1

VULMON: CVE-2020-17521
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-17521
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-170708
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-17521
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-17521
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-170708 // VULMON: CVE-2020-17521 // JVNDB: JVNDB-2020-014820 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202012-422 // NVD: CVE-2020-17521

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Other (CWE-Other) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014820 // NVD: CVE-2020-17521

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-422

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202012-422

PATCH

title: Oracle Critical Patch Update Advisory - January 2021 Oracle Critical Patch Update
url: https://groovy-lang.org/security.html#CVE-2020-17521

Trust: 0.8

title: Debian CVElist Bug Report Logs: groovy: CVE-2020-17521
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=1839dbcc81a10721ccd2ba081478e2ca

Trust: 0.1

title: Arch Linux Advisories: [ASA-202103-14] groovy: privilege escalation
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202103-14

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-17521 log

Trust: 0.1

sources: VULMON: CVE-2020-17521 // JVNDB: JVNDB-2020-014820

EXTERNAL IDS

db: NVD, id: CVE-2020-17521

Trust: 2.9

db: PACKETSTORM, id: 165294

Trust: 0.8

db: JVNDB, id: JVNDB-2020-014820

Trust: 0.8

db: CNNVD, id: CNNVD-202012-422

Trust: 0.7

db: PACKETSTORM, id: 163872

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021042631

Trust: 0.6

db: CS-HELP, id: SB2022042297

Trust: 0.6

db: CS-HELP, id: SB2022072096

Trust: 0.6

db: CS-HELP, id: SB2021072130

Trust: 0.6

db: CS-HELP, id: SB2021042306

Trust: 0.6

db: CS-HELP, id: SB2021042549

Trust: 0.6

db: AUSCERT, id: ESB-2021.2816

Trust: 0.6

db: AUSCERT, id: ESB-2021.4253

Trust: 0.6

db: AUSCERT, id: ESB-2020.4535

Trust: 0.6

db: VULHUB, id: VHN-170708

Trust: 0.1

db: VULMON, id: CVE-2020-17521

Trust: 0.1

db: PACKETSTORM, id: 163874

Trust: 0.1

sources: VULHUB: VHN-170708 // VULMON: CVE-2020-17521 // JVNDB: JVNDB-2020-014820 // PACKETSTORM: 165294 // PACKETSTORM: 163874 // PACKETSTORM: 163872 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202012-422 // NVD: CVE-2020-17521

REFERENCES

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.3

url:https://groovy-lang.org/security.html#cve-2020-17521

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20201218-0006/

Trust: 1.8

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-17521

Trust: 1.7

url:https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3cnotifications.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3cdev.atlas.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3cdev.atlas.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3cnotifications.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3@%3cdev.atlas.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08@%3cdev.atlas.apache.org%3e

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072130

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-groovy-information-disclosure-via-temporary-directories-34170

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042297

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6485653

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072096

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2816

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042306

Trust: 0.6

url:https://packetstormsecurity.com/files/163872/red-hat-security-advisory-2021-3205-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042549

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4253

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4535/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042631

Trust: 0.6

url:https://packetstormsecurity.com/files/165294/red-hat-security-advisory-2021-5134-05.html

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-17521

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-20218

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-27782

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-27782

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-20218

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-30468

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13920

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-29582

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27222

Trust: 0.2

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=red.hat.integration&version=2021-q3

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27222

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-17518

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13920

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29582

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-26238

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-17518

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26238

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977399

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://security.archlinux.org/cve-2020-17521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37714

Trust: 0.1

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35510

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21341

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21342

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21290

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28169

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-17527

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2875

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3690

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28164

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21348

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21344

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12415

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11988

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9488

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28491

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2875

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21350

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28170

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21290

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21349

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12415

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28163

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10744

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26217

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3597

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26259

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21344

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17527

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11987

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21295

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21295

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.10.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34428

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3536

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27223

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22696

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26259

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29425

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11987

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26217

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15522

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10744

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35510

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21409

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13943

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13943

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21347

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13949

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21341

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9488

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21342

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28491

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27223

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5134

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27568

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11988

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13949

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21343

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22118

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3207

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q3/html-single/getting_started_with_camel_quarkus_extensions/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27906

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27906

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28052

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27807

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q3/html/getting_started_with_camel_k/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28052

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3205

Trust: 0.1

sources: VULHUB: VHN-170708 // VULMON: CVE-2020-17521 // JVNDB: JVNDB-2020-014820 // PACKETSTORM: 165294 // PACKETSTORM: 163874 // PACKETSTORM: 163872 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202012-422 // NVD: CVE-2020-17521

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 165294 // PACKETSTORM: 163874 // PACKETSTORM: 163872

SOURCES

db: VULHUB, id: VHN-170708
db: VULMON, id: CVE-2020-17521
db: JVNDB, id: JVNDB-2020-014820
db: PACKETSTORM, id: 165294
db: PACKETSTORM, id: 163874
db: PACKETSTORM, id: 163872
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202012-422
db: NVD, id: CVE-2020-17521

LAST UPDATE DATE

2024-11-23T20:05:18.704000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-170708, date: 2022-07-25T00:00:00
db: VULMON, id: CVE-2020-17521, date: 2021-04-23T00:00:00
db: JVNDB, id: JVNDB-2020-014820, date: 2021-09-01T03:07:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202012-422, date: 2022-07-26T00:00:00
db: NVD, id: CVE-2020-17521, date: 2024-11-21T05:08:16.887

SOURCES RELEASE DATE

db: VULHUB, id: VHN-170708, date: 2020-12-07T00:00:00
db: VULMON, id: CVE-2020-17521, date: 2020-12-07T00:00:00
db: JVNDB, id: JVNDB-2020-014820, date: 2021-09-01T00:00:00
db: PACKETSTORM, id: 165294, date: 2021-12-15T15:25:47
db: PACKETSTORM, id: 163874, date: 2021-08-18T15:25:13
db: PACKETSTORM, id: 163872, date: 2021-08-18T15:23:11
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202012-422, date: 2020-12-07T00:00:00
db: NVD, id: CVE-2020-17521, date: 2020-12-07T20:15:12.633