ID

VAR-202103-1568


CVE

CVE-2021-21783


TITLE

Integer overflow vulnerability in Genivia gSOAP

Trust: 0.8

sources: JVNDB: JVNDB-2021-010931

DESCRIPTION

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Genivia gSOAP contains an integer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Genivia gSOAP is a C/C++ software development toolkit with an automatic coding function, developed by Genivia, a company in the United States.

Trust: 1.8

sources: NVD: CVE-2021-21783 // JVNDB: JVNDB-2021-010931 // VULHUB: VHN-380187 // VULMON: CVE-2021-21783

AFFECTED PRODUCTS

vendor: oracle // model: communications lsms // scope: eq // version: 13.4

Trust: 1.0

vendor: oracle // model: tekelec virtual operating environment // scope: gte // version: 3.4.0

Trust: 1.0

vendor: oracle // model: communications eagle application processor // scope: lte // version: 16.4.0

Trust: 1.0

vendor: oracle // model: communications lsms // scope: eq // version: 13.3

Trust: 1.0

vendor: oracle // model: communications eagle lnp application processor // scope: eq // version: 46.8

Trust: 1.0

vendor: genivia // model: gsoap // scope: eq // version: 2.8.107

Trust: 1.0

vendor: oracle // model: communications lsms // scope: eq // version: 13.2

Trust: 1.0

vendor: oracle // model: tekelec virtual operating environment // scope: lte // version: 3.7.1

Trust: 1.0

vendor: oracle // model: communications diameter signaling router // scope: gte // version: 8.0.0

Trust: 1.0

vendor: oracle // model: communications lsms // scope: eq // version: 13.1

Trust: 1.0

vendor: oracle // model: communications eagle lnp application processor // scope: eq // version: 46.7

Trust: 1.0

vendor: oracle // model: communications eagle lnp application processor // scope: eq // version: 46.9

Trust: 1.0

vendor: oracle // model: communications diameter signaling router // scope: lte // version: 8.5.0

Trust: 1.0

vendor: oracle // model: communications eagle application processor // scope: gte // version: 16.1.0

Trust: 1.0

vendor: Oracle // model: oracle communications diameter signaling router // scope: - // version: -

Trust: 0.8

vendor: genivia // model: gsoap // scope: - // version: -

Trust: 0.8

vendor: Oracle // model: tekelec virtual operating environment // scope: - // version: -

Trust: 0.8

vendor: Oracle // model: oracle communications eagle application processor // scope: - // version: -

Trust: 0.8

vendor: Oracle // model: oracle communications lsms // scope: - // version: -

Trust: 0.8

vendor: Oracle // model: oracle communications eagle lnp application processor // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010931 // NVD: CVE-2021-21783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21783
value: CRITICAL

Trust: 1.0

talos-cna@cisco.com: CVE-2021-21783
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-21783
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202103-1447
value: CRITICAL

Trust: 0.6

VULHUB: VHN-380187
value: HIGH

Trust: 0.1

VULMON: CVE-2021-21783
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-21783
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-380187
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

talos-cna@cisco.com: CVE-2021-21783
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2021-21783
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-380187 // VULMON: CVE-2021-21783 // JVNDB: JVNDB-2021-010931 // CNNVD: CNNVD-202103-1447 // NVD: CVE-2021-21783 // NVD: CVE-2021-21783

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:CWE-680

Trust: 1.0

problemtype: Integer overflow or wraparound (CWE-190) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-380187 // JVNDB: JVNDB-2021-010931 // NVD: CVE-2021-21783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1447

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202103-1447

PATCH

title: Oracle Critical Patch Update Advisory - January 2022 // url: https://www.genivia.com/index.html

Trust: 0.8

title: Debian CVElist Bug Report Logs: CVE-2021-21783 // url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f4c14e58156c700a35e3d7ad6ba7fd0a

Trust: 0.1

title: IBM: Security Bulletin: Vulnerabilities is Genivia gSOAP affect IBM Spectrum Protect for Virtual Environments: Data Protection for VMware (CVE-2020-13575, CVE-2020-13578, CVE-2020-13574, CVE-2020-13577, CVE-2020-13576, CVE-2020-21783) // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=ff67f38ec9a370b623ef2713226a0e72

Trust: 0.1

title: IBM: Security Bulletin: Vulnerabilities is Genivia gSOAP affect IBM Spectrum Protect for Virtual Environments: Data Protection for VMware (CVE-2020-13575, CVE-2020-13578, CVE-2020-13574, CVE-2020-13577, CVE-2020-13576, CVE-2020-21783) // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b79ccb42d6990faf9d9a82083f463101

Trust: 0.1

sources: VULMON: CVE-2021-21783 // JVNDB: JVNDB-2021-010931

EXTERNAL IDS

db: NVD // id: CVE-2021-21783

Trust: 3.4

db: TALOS // id: TALOS-2021-1245

Trust: 2.6

db: JVNDB // id: JVNDB-2021-010931

Trust: 0.8

db: CNNVD // id: CNNVD-202103-1447

Trust: 0.7

db: CS-HELP // id: SB2022012754

Trust: 0.6

db: VULHUB // id: VHN-380187

Trust: 0.1

db: VULMON // id: CVE-2021-21783

Trust: 0.1

sources: VULHUB: VHN-380187 // VULMON: CVE-2021-21783 // JVNDB: JVNDB-2021-010931 // CNNVD: CNNVD-202103-1447 // NVD: CVE-2021-21783

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2021-1245

Trust: 3.2

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-21783

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022012754

Trust: 0.6

url:https://vigilance.fr/vulnerability/gsoap-code-execution-via-ws-addressing-plugin-35154

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-is-genivia-gsoap-affect-ibm-spectrum-protect-for-virtual-environments-data-protection-for-vmware-cve-2020-13575-cve-2020-13578-cve-2020-13574-cve-2020-13577-cv/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-genivia-gsoap-vulnerabilities-affect-ibm-spectrum-protect-for-virtual-environmentsdata-protection-for-vmware-and-spectrum-protect-client-cve-2020-13575-cve-2020-13578-cve-2020-1/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987273

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-is-genivia-gsoap-affect-ibm-spectrum-protect-for-virtual-environments-data-protection-for-vmware-cve-2020-13575-cve-2020-13578-cve-2020-13574-cve-2020-13577-cv-2/

Trust: 0.1

sources: VULHUB: VHN-380187 // VULMON: CVE-2021-21783 // JVNDB: JVNDB-2021-010931 // CNNVD: CNNVD-202103-1447 // NVD: CVE-2021-21783

CREDITS

Discovered by a member of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202103-1447

SOURCES

db: VULHUB // id: VHN-380187
db: VULMON // id: CVE-2021-21783
db: JVNDB // id: JVNDB-2021-010931
db: CNNVD // id: CNNVD-202103-1447
db: NVD // id: CVE-2021-21783

LAST UPDATE DATE

2024-11-23T20:21:55.838000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-380187 // date: 2022-07-21T00:00:00
db: VULMON // id: CVE-2021-21783 // date: 2021-03-25T00:00:00
db: JVNDB // id: JVNDB-2021-010931 // date: 2022-07-12T06:35:00
db: CNNVD // id: CNNVD-202103-1447 // date: 2022-04-01T00:00:00
db: NVD // id: CVE-2021-21783 // date: 2024-11-21T05:48:57.697

SOURCES RELEASE DATE

db: VULHUB // id: VHN-380187 // date: 2021-03-25T00:00:00
db: VULMON // id: CVE-2021-21783 // date: 2021-03-25T00:00:00
db: JVNDB // id: JVNDB-2021-010931 // date: 2022-07-12T00:00:00
db: CNNVD // id: CNNVD-202103-1447 // date: 2021-03-24T00:00:00
db: NVD // id: CVE-2021-21783 // date: 2021-03-25T17:15:13.210