ID

VAR-202107-1555


CVE

CVE-2021-36090


TITLE

Compress  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-008210

DESCRIPTION

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. Compress Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update Advisory ID: RHSA-2022:5555-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:5555 Issue date: 2022-07-14 CVE Names: CVE-2021-3807 CVE-2021-33623 CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 CVE-2022-22950 CVE-2022-31051 ==================================================================== 1. Summary: Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch 3. Description: The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. A list of bugs fixed in this update is available in the Technical Notes book: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1663217 - [RFE] Add RHV VM name to the matching between Satellite's content host to RHV (currently only VM FQDN is used) 1782077 - [RFE] More Flexible RHV CPU Allocation Policy with HyperThreading 1849045 - Differences between apidoc and REST API documentation about exporting VMs and templates to OVA 1852308 - Snapshot fails to create with 'Invalid parameter: 'capacity73741824'' Exception 1958032 - Live Storage Migration fails because replication filled the destination volume before extension. 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1976607 - Deprecate QXL 1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive 1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive 1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive 1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive 1994144 - [RHV 4.4.6] Mail recipient is not updated while configuring Event Notifications 2001574 - Memory usage on Windows client browser while using move or copy disk operations on Admin web 2001923 - NPE during RemoveSnapshotSingleDisk command 2006625 - Engine generates VDS_HIGH_MEM_USE events for empty hosts that have most memory reserved by huge pages 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2030293 - VM in locked state forever if manager is rebooted while exporting VM as OVA 2068270 - RHV-M Admin Portal gives '500 - Internal Server Error" with command_entities in EXECUTION_FAILED status 2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression 2070045 - UploadStreamVDSCommand fails with java.net.SocketTimeoutException after 20 seconds 2072626 - RHV-M generates SNMPv3 trap with msgAuthoritativeEngineBoots: 0 despite multiple engine restarts 2081241 - VFIO_MAP_DMA failed: Cannot allocate memory -12 (VM with GPU passthrough, Q35 machine and 16 vcpus) 2081559 - [RFE] discrepancy tool should detect preallocated cow images that were reduced 2089856 - [TestOnly] Bug 2015796 - [RFE] RHV Manager should support running on a host with DISA STIG security profile applied 2092885 - Please say "SP1" on the landing page 2093795 - Upgrade ovirt-log-collector to 4.4.6 2097414 - CVE-2022-31051 semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding 2099650 - Upgrade to latest version failed due to failed database schema refresh 2105296 - cannot live migrate vm from rhv-h 4.4.10 to 4.50 (4.4.11) 6. Package List: RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4: Source: apache-commons-compress-1.21-1.2.el8ev.src.rpm ovirt-dependencies-4.5.2-1.el8ev.src.rpm ovirt-engine-4.5.1.2-0.11.el8ev.src.rpm ovirt-engine-dwh-4.5.3-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.3.4-1.el8ev.src.rpm ovirt-log-collector-4.4.6-1.el8ev.src.rpm ovirt-web-ui-1.9.0-1.el8ev.src.rpm postgresql-jdbc-42.2.14-1.el8ev.src.rpm rhv-log-collector-analyzer-1.0.14-1.el8ev.src.rpm rhvm-branding-rhv-4.5.0-1.el8ev.src.rpm noarch: apache-commons-compress-1.21-1.2.el8ev.noarch.rpm apache-commons-compress-javadoc-1.21-1.2.el8ev.noarch.rpm ovirt-dependencies-4.5.2-1.el8ev.noarch.rpm ovirt-engine-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-backend-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-dbscripts-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-dwh-4.5.3-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.5.3-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.5.3-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-restapi-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-base-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-tools-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-tools-backup-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.3.4-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-log-collector-4.4.6-1.el8ev.noarch.rpm ovirt-web-ui-1.9.0-1.el8ev.noarch.rpm postgresql-jdbc-42.2.14-1.el8ev.noarch.rpm postgresql-jdbc-javadoc-42.2.14-1.el8ev.noarch.rpm python3-ovirt-engine-lib-4.5.1.2-0.11.el8ev.noarch.rpm rhv-log-collector-analyzer-1.0.14-1.el8ev.noarch.rpm rhvm-4.5.1.2-0.11.el8ev.noarch.rpm rhvm-branding-rhv-4.5.0-1.el8ev.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3807 https://access.redhat.com/security/cve/CVE-2021-33623 https://access.redhat.com/security/cve/CVE-2021-35515 https://access.redhat.com/security/cve/CVE-2021-35516 https://access.redhat.com/security/cve/CVE-2021-35517 https://access.redhat.com/security/cve/CVE-2021-36090 https://access.redhat.com/security/cve/CVE-2022-22950 https://access.redhat.com/security/cve/CVE-2022-31051 https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYuFkB9zjgjWX9erEAQhJEQ//eXBYq/X5gI7umxdyGiiBdWtu+p7OuQ65 fGKy0dmJSIB5IzbmSxekBwRn23cSbFtRQxm25RbE+AwxD7a57pPJXJy3Wjvz+MKl wGJADj6Ia+4APGc4D63vkFZb7e9beUX4ehIswzADD+eYdT6hSoxzeFCSoNVS52ih gjqZvAb5HoDHiqO5EZPyhnb29xwMVO4obMQlpVe4BcPBjIS4CkW9Uh7x4YB9/778 hGYqgzquGa1TEqChw8Hhy8TSmA3g5b66ywsxNrllHDgTN/hG8iEcWw3V+e23Ubbi zb8rpu1Lm/36RYMyYwUiLg/F8ePbNnIdb1bllFDAUq9M7lH5hs77KDPj00Ff7+xh nwOgG5ktIMP/7KNsKUxPf/W94Yi6R9pZH3J2PXV2YjpDd8L6LNXGK5q5A3yjGksr tXZmQ2+jckXeel1vDvJ3qlkfHHNS1gvcQvNWci5EBOoeqEKQUTJZJQoucTbrhp2M 8502HAzHGRinjVnLizT/6JnEuGvHVwy8O8yx/D2UEEz7FsCDxPG0bBb+8Iy+6ZZb /EcTamIUpmyxEZ9AdQxW++GoaGWckYaMEVjcIbWvExP1kAlWY2E5uuaizlrLh116 fonyYo2esLh8mFN8OmcZhPDwJGuzlFL+mhOn6OQi8/ZmfkHPItSWVv772vKA1zlT yetpCCo5iV4=Muhw -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description: This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Security Fix(es): * fastjson (CVE-2022-25845) * jackson-databind (CVE-2020-36518) * mysql-connector-java (CVE-2021-2471, CVE-2022-21363) * undertow (CVE-2022-1259, CVE-2021-3629, CVE-2022-1319) * wildfly-elytron (CVE-2021-3642) * nodejs-ansi-regex (CVE-2021-3807, CVE-2021-3807) * 3 qt (CVE-2021-3859) * kubernetes-client (CVE-2021-4178) * spring-security (CVE-2021-22119) * protobuf-java (CVE-2021-22569) * google-oauth-client (CVE-2021-22573) * XStream (CVE-2021-29505, CVE-2021-43859) * jdom (CVE-2021-33813, CVE-2021-33813) * apache-commons-compress (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090) * Kafka (CVE-2021-38153) * xml-security (CVE-2021-40690) * logback (CVE-2021-42550) * netty (CVE-2021-43797) * xnio (CVE-2022-0084) * jdbc-postgresql (CVE-2022-21724) * spring-expression (CVE-2022-22950) * springframework (CVE-2021-22096, CVE-2021-22060, CVE-2021-22096, CVE-2022-22976, CVE-2022-22970, CVE-2022-22971, CVE-2022-22978) * h2 (CVE-2022-23221) * junrar (CVE-2022-23596) * artemis-commons (CVE-2022-23913) * elasticsearch (CVE-2020-7020) * tomcat (CVE-2021-24122, CVE-2021-25329, CVE-2020-9484, CVE-2021-25122, CVE-2021-33037, CVE-2021-30640, CVE-2021-41079, CVE-2021-42340, CVE-2022-23181) * junit4 (CVE-2020-15250) * wildfly-core (CVE-2020-25689, CVE-2021-3644) * kotlin (CVE-2020-29582) * karaf (CVE-2021-41766, CVE-2022-22932) * Spring Framework (CVE-2022-22968) * metadata-extractor (CVE-2022-24614) * poi-scratchpad (CVE-2022-26336) * postgresql-jdbc (CVE-2022-26520) * tika-core (CVE-2022-30126) For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.11.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1887810 - CVE-2020-15250 junit4: TemporaryFolder is shared between all users across system which could result in information disclosure 1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller 1893125 - CVE-2020-7020 elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure 1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system 1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure 1934032 - CVE-2021-25122 tomcat: Request mix-up with h2c 1934061 - CVE-2021-25329 tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence) 1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream 1973413 - CVE-2021-33813 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request 1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression 1977064 - CVE-2021-22119 spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request 1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS 1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer 1981533 - CVE-2021-33037 tomcat: HTTP request smuggling when used with a reverse proxy 1981544 - CVE-2021-30640 tomcat: JNDI realm authentication weakness 1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive 1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive 1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive 1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive 2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2 2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure 2014356 - CVE-2021-42340 tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS 2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file 2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method 2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries 2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data 2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI 2046279 - CVE-2022-22932 karaf: path traversal flaws 2046282 - CVE-2021-41766 karaf: insecure java deserialization 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2047417 - CVE-2022-23181 tomcat: local privilege escalation vulnerability 2049778 - CVE-2022-23596 junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting 2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS 2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes 2055480 - CVE-2021-22060 springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096) 2058763 - CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file 2063292 - CVE-2022-26336 poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression 2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) 2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures 2075441 - CVE-2022-22968 Spring Framework: Data Binding Rules Vulnerability 2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified 2087214 - CVE-2022-22976 springframework: BCrypt skips salt rounds for work factor of 31 2087272 - CVE-2022-22970 springframework: DoS via data binding to multipartFile or servlet part 2087274 - CVE-2022-22971 springframework: DoS with STOMP over WebSocket 2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher 2088523 - CVE-2022-30126 tika-core: Regular Expression Denial of Service in standards extractor 2100654 - CVE-2022-25845 fastjson: autoType shutdown restriction bypass leads to deserialization 5

Trust: 2.52

sources: NVD: CVE-2021-36090 // JVNDB: JVNDB-2021-008210 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-396451 // VULMON: CVE-2021-36090 // PACKETSTORM: 167815 // PACKETSTORM: 167841

AFFECTED PRODUCTS

vendor:oraclemodel:communications cloud native core automated test suitescope:eqversion:1.8.0

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:*

Trust: 1.0

vendor:oraclemodel:communications element managerscope:gteversion:8.2.0

Trust: 1.0

vendor:oraclemodel:banking treasury managementscope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.4

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:18.8.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.12.0

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.1

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.7.2.0

Trust: 1.0

vendor:oraclemodel:insurance policy administrationscope:eqversion:11.0.2

Trust: 1.0

vendor:oraclemodel:communications diameter intelligence hubscope:lteversion:8.2.3

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:lteversion:8.2.5.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:19.12.0

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:gteversion:8.2.0

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:21.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:18.8.12

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:17.12.11

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:19.12.11

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:20.1

Trust: 1.0

vendor:oraclemodel:banking apisscope:eqversion:20.1

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.6.2

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:20.12

Trust: 1.0

vendor:oraclemodel:banking apisscope:lteversion:18.3

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.9.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:oraclemodel:communications diameter intelligence hubscope:eqversion:8.2.3

Trust: 1.0

vendor:oraclemodel:communications cloud native core service communication proxyscope:eqversion:1.14.0

Trust: 1.0

vendor:apachemodel:commons compressscope:ltversion:1.21

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.2

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:lteversion:8.2.5.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.1.1

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:banking apisscope:eqversion:19.1

Trust: 1.0

vendor:oraclemodel:banking apisscope:gteversion:18.1

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.8.1.0

Trust: 1.0

vendor:oraclemodel:banking party managementscope:eqversion:2.7.0

Trust: 1.0

vendor:oraclemodel:insurance policy administrationscope:eqversion:11.3.1

Trust: 1.0

vendor:oraclemodel:healthcare data repositoryscope:eqversion:8.1.0

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:gteversion:14.0.0

Trust: 1.0

vendor:oraclemodel:banking enterprise default managementscope:eqversion:2.7.0

Trust: 1.0

vendor:oraclemodel:business process management suitescope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core unified data repositoryscope:eqversion:1.14.0

Trust: 1.0

vendor:oraclemodel:banking paymentsscope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:utilities testing acceleratorscope:eqversion:6.0.0.1.1

Trust: 1.0

vendor:oraclemodel:insurance policy administrationscope:eqversion:11.2.8

Trust: 1.0

vendor:oraclemodel:communications element managerscope:lteversion:8.2.4.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.7

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:19.2

Trust: 1.0

vendor:oraclemodel:banking apisscope:eqversion:19.2

Trust: 1.0

vendor:oraclemodel:banking apisscope:eqversion:21.1

Trust: 1.0

vendor:oraclemodel:financial services crime and compliance management studioscope:eqversion:8.0.8.3.0

Trust: 1.0

vendor:oraclemodel:business process management suitescope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:insurance policy administrationscope:eqversion:11.3.0

Trust: 1.0

vendor:oraclemodel:communications messaging serverscope:eqversion:8.1

Trust: 1.0

vendor:oraclemodel:financial services crime and compliance management studioscope:eqversion:8.0.8.2.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.7.1

Trust: 1.0

vendor:oraclemodel:commerce guided searchscope:eqversion:11.3.2

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.5.0

Trust: 1.0

vendor:oraclemodel:insurance policy administrationscope:eqversion:11.1.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:17.12.0

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:eqversion:12.4

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:lteversion:18.3

Trust: 1.0

vendor:oraclemodel:utilities testing acceleratorscope:eqversion:6.0.0.3.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:20.12.7

Trust: 1.0

vendor:oraclemodel:banking trade financescope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:20.12.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.6

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:19.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:18.8

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:lteversion:14.3.0

Trust: 1.0

vendor:oraclemodel:utilities testing acceleratorscope:eqversion:6.0.0.2.2

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:gteversion:18.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:19.12

Trust: 1.0

vendor:oraclemodel:communications diameter intelligence hubscope:gteversion:8.0.0

Trust: 1.0

vendor:apachemodel:commons compressscope:gteversion:1.0

Trust: 1.0

vendor:オラクルmodel:oracle banking party managementscope: - version: -

Trust: 0.8

vendor:日立model:hitachi automation directorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center automatorscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking platformscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking enterprise default managementscope: - version: -

Trust: 0.8

vendor:apachemodel:commons compressscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking apisscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking digital experiencescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-008210 // NVD: CVE-2021-36090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36090
value: HIGH

Trust: 1.0

NVD: CVE-2021-36090
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-899
value: HIGH

Trust: 0.6

VULHUB: VHN-396451
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-36090
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36090
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-396451
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36090
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-36090
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-396451 // VULMON: CVE-2021-36090 // JVNDB: JVNDB-2021-008210 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-899 // NVD: CVE-2021-36090

PROBLEMTYPE DATA

problemtype:CWE-130

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Other (CWE-Other) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008210 // NVD: CVE-2021-36090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-899

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-899

PATCH

title:hitachi-sec-2022-109 Software product security informationurl:https://lists.apache.org/thread.html/r54049b66afbca766b6763c7531e9fe7a20293a112bcb65462a134949@%3Ccommits.drill.apache.org%3E

Trust: 0.8

title:Apache Commons Compress Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178518

Trust: 0.6

title:Red Hat: CVE-2021-36090url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-36090

Trust: 0.1

title:Red Hat: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225555 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: libcommons-compress-java: CVE-2021-36090 CVE-2021-35517 CVE-2021-35516 CVE-2021-35515url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=8eed6c5046e41c171ae74a270f231be6

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Automation Director and Hitachi Ops Center Automatorurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-109

Trust: 0.1

title:IBM: Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=62046b52173657c354e061b2ffdf9254

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.11.0 release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225532 - Security Advisory

Trust: 0.1

title: - url:https://github.com/Ubiquiti-Android-FW/mtk-t0-mp5-aiot-V5.102-platform-external-jazzer-api

Trust: 0.1

sources: VULMON: CVE-2021-36090 // JVNDB: JVNDB-2021-008210 // CNNVD: CNNVD-202107-899

EXTERNAL IDS

db:NVDid:CVE-2021-36090

Trust: 3.6

db:OPENWALLid:OSS-SECURITY/2021/07/13/6

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2021/07/13/4

Trust: 1.8

db:PACKETSTORMid:167815

Trust: 0.8

db:JVNDBid:JVNDB-2021-008210

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.3130

Trust: 0.6

db:AUSCERTid:ESB-2021.2651

Trust: 0.6

db:AUSCERTid:ESB-2021.3397

Trust: 0.6

db:CS-HELPid:SB2021120114

Trust: 0.6

db:CS-HELPid:SB2022011911

Trust: 0.6

db:CS-HELPid:SB2022072013

Trust: 0.6

db:CS-HELPid:SB2021123007

Trust: 0.6

db:CS-HELPid:SB2021071408

Trust: 0.6

db:CS-HELPid:SB2022032011

Trust: 0.6

db:CS-HELPid:SB2022060703

Trust: 0.6

db:CS-HELPid:SB2022042212

Trust: 0.6

db:CS-HELPid:SB2022011224

Trust: 0.6

db:CS-HELPid:SB2022060812

Trust: 0.6

db:CS-HELPid:SB2021100411

Trust: 0.6

db:CS-HELPid:SB2021080809

Trust: 0.6

db:CS-HELPid:SB2022071701

Trust: 0.6

db:CS-HELPid:SB2022012750

Trust: 0.6

db:CS-HELPid:SB2021122809

Trust: 0.6

db:CS-HELPid:SB2022012324

Trust: 0.6

db:CNNVDid:CNNVD-202107-899

Trust: 0.6

db:VULHUBid:VHN-396451

Trust: 0.1

db:VULMONid:CVE-2021-36090

Trust: 0.1

db:PACKETSTORMid:167841

Trust: 0.1

sources: VULHUB: VHN-396451 // VULMON: CVE-2021-36090 // JVNDB: JVNDB-2021-008210 // PACKETSTORM: 167815 // PACKETSTORM: 167841 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-899 // NVD: CVE-2021-36090

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.4

url:https://security.netapp.com/advisory/ntap-20211022-0001/

Trust: 1.8

url:https://commons.apache.org/proper/commons-compress/security-reports.html

Trust: 1.8

url:https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3cuser.commons.apache.org%3e

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2021/07/13/4

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2021/07/13/6

Trust: 1.8

url:https://lists.apache.org/thread.html/r0e87177f8e78b4ee453cd4d3d8f4ddec6f10d2c27707dd71e12cafc9%40%3cannounce.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r25f4c44616045085bc3cf901bb7e68e445eee53d1966fc08998fc456%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r3227b1287e5bd8db6523b862c22676b046ad8f4fc96433225f46a2bd%40%3cissues.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r4f03c5de923e3f2a8c316248681258125140514ef3307bfe1538e1ab%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r54049b66afbca766b6763c7531e9fe7a20293a112bcb65462a134949%40%3ccommits.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b%40%3cdev.poi.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r75ffc7a461e7e7ae77690fa75bd47bb71365c732e0fbcc44da4f8ff5%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9a23d4dbf4e34d498664080bff59f2893b855eb16dae33e4aa92fa53%40%3cannounce.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040%40%3cnotifications.skywalking.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae%40%3cnotifications.skywalking.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb5fa2ee61828fa2e42361b58468717e84902dd71c4aea8dc0b865df7%40%3cnotifications.james.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c%40%3cnotifications.skywalking.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee%40%3cnotifications.skywalking.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a%40%3cnotifications.skywalking.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rbbf42642c3e4167788a7c13763d192ee049604d099681f765385d99d%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc7df4c2f0bbe2028a1498a46d322c91184f7a369e3e4c57d9518cacf%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e%40%3cnotifications.skywalking.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3cuser.ant.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf3f0a09fee197168a813966c5816157f6c600a47313a0d6813148ea6%40%3cissues.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf93b6bb267580e01deb7f3696f7eaca00a290c66189a658cf7230a1a%40%3cissues.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742%40%3cnotifications.skywalking.apache.org%3e

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2021-36090

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-36090

Trust: 0.9

url:https://lists.apache.org/thread.html/r9a23d4dbf4e34d498664080bff59f2893b855eb16dae33e4aa92fa53@%3cannounce.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r0e87177f8e78b4ee453cd4d3d8f4ddec6f10d2c27707dd71e12cafc9@%3cannounce.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38@%3cuser.ant.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r54049b66afbca766b6763c7531e9fe7a20293a112bcb65462a134949@%3ccommits.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rc7df4c2f0bbe2028a1498a46d322c91184f7a369e3e4c57d9518cacf@%3cdev.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r4f03c5de923e3f2a8c316248681258125140514ef3307bfe1538e1ab@%3cdev.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rbbf42642c3e4167788a7c13763d192ee049604d099681f765385d99d@%3cdev.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r25f4c44616045085bc3cf901bb7e68e445eee53d1966fc08998fc456@%3cdev.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf3f0a09fee197168a813966c5816157f6c600a47313a0d6813148ea6@%3cissues.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf93b6bb267580e01deb7f3696f7eaca00a290c66189a658cf7230a1a@%3cissues.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r3227b1287e5bd8db6523b862c22676b046ad8f4fc96433225f46a2bd@%3cissues.drill.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945@%3ccommits.druid.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88@%3ccommits.druid.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57@%3ccommits.druid.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rb5fa2ee61828fa2e42361b58468717e84902dd71c4aea8dc0b865df7@%3cnotifications.james.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3cdev.poi.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71@%3ccommits.pulsar.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3cnotifications.skywalking.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3cnotifications.skywalking.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3cnotifications.skywalking.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3cnotifications.skywalking.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3cnotifications.skywalking.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3cnotifications.skywalking.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3cnotifications.skywalking.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r75ffc7a461e7e7ae77690fa75bd47bb71365c732e0fbcc44da4f8ff5@%3cdev.tomcat.apache.org%3e

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122809

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072013

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080809

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6501221

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060703

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6507013

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6527136

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6528202

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011224

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb20220422121

Trust: 0.6

url:https://packetstormsecurity.com/files/167815/red-hat-security-advisory-2022-5555-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3397

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071408

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6509702

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6526070

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6519948

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6514411

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6482503

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6516776

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3130

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120114

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021123007

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012750

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6498141

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6492617

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6516470

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6524930

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6525722

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-commons-compress-denial-of-service-via-zip-36055

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6489683

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6492217

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060812

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012324

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032011

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6525250

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011911

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2651

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021100411

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071701

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3807

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-35517

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-35516

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22950

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-35515

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33623

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5555

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-35515

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-35516

Trust: 0.1

url:https://access.redhat.com/articles/2974891

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-31051

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-35517

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31051

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22119

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22970

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.11.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7020

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22119

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23913

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21724

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22932

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22978

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25329

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42340

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3642

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41079

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7020

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22968

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1319

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23596

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1259

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3644

Trust: 0.1

sources: VULHUB: VHN-396451 // VULMON: CVE-2021-36090 // JVNDB: JVNDB-2021-008210 // PACKETSTORM: 167815 // PACKETSTORM: 167841 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-899 // NVD: CVE-2021-36090

CREDITS

Red Hat

Trust: 0.2

sources: PACKETSTORM: 167815 // PACKETSTORM: 167841

SOURCES

db:VULHUBid:VHN-396451
db:VULMONid:CVE-2021-36090
db:JVNDBid:JVNDB-2021-008210
db:PACKETSTORMid:167815
db:PACKETSTORMid:167841
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202107-899
db:NVDid:CVE-2021-36090

LAST UPDATE DATE

2024-08-14T12:44:02.099000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-396451date:2023-02-28T00:00:00
db:VULMONid:CVE-2021-36090date:2023-02-28T00:00:00
db:JVNDBid:JVNDB-2021-008210date:2022-03-08T02:38:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202107-899date:2022-07-28T00:00:00
db:NVDid:CVE-2021-36090date:2023-11-07T03:36:42.777

SOURCES RELEASE DATE

db:VULHUBid:VHN-396451date:2021-07-13T00:00:00
db:VULMONid:CVE-2021-36090date:2021-07-13T00:00:00
db:JVNDBid:JVNDB-2021-008210date:2022-03-08T00:00:00
db:PACKETSTORMid:167815date:2022-07-27T17:20:03
db:PACKETSTORMid:167841date:2022-07-27T17:27:19
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202107-899date:2021-07-13T00:00:00
db:NVDid:CVE-2021-36090date:2021-07-13T08:15:07.310