ID

VAR-202110-1706


CVE

CVE-2021-37136


TITLE

Netty  Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013843

DESCRIPTION

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack. Netty Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties 1802531 - CVE-2019-12415 poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up 1898907 - CVE-2020-26217 XStream: remote code execution due to insecure XML deserialization when relying on blocklists 1901304 - CVE-2020-27782 undertow: special character in query results in server errors 1902826 - CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation 1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up 1905796 - CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client 1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling 1922102 - CVE-2021-23926 xmlbeans: allowed malicious XML input may lead to XML Entity Expansion attack 1922123 - CVE-2020-17521 groovy: OS temporary directory leads to information disclosure 1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 1933808 - CVE-2020-11987 batik: SSRF due to improper input validation by the NodePickerPanel 1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser 1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1939839 - CVE-2021-27568 json-smart: uncaught exception may lead to crash or information disclosure 1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream 1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream 1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream 1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet 1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry 1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue 1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator 1942633 - CVE-2021-21348 XStream: ReDoS vulnerability 1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host 1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader 1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents 1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF 1946341 - CVE-2021-22696 cxf: OAuth 2 authorization service vulnerable to DDos attacks 1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode 1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 1962879 - CVE-2020-15522 bouncycastle: Timing issue within the EC math library 1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate 1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS 1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory 1973392 - CVE-2021-30468 CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter 1974854 - CVE-2021-22118 spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application 1974891 - CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout 1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS 1981527 - CVE-2021-30129 mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server 1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS 1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Data Grid 8.3.0 security update Advisory ID: RHSA-2022:0520-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:0520 Issue date: 2022-02-14 CVE Names: CVE-2021-3642 CVE-2021-29505 CVE-2021-37136 CVE-2021-37137 CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154 CVE-2021-43797 ===================================================================== 1. Summary: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.3.0 replaces Data Grid 8.2.3 and includes bug fixes and enhancements. Find out more about Data Grid 8.3.0 in the Release Notes[3]. Security Fix(es): * XStream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505) * xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141) * xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145) * xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149) * xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151) * xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152) * xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153) * xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154) * wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642) * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) * xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140) * netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: To install this update, do the following: 1. Download the Data Grid 8.3.0 Server patch from the customer portal[²]. 2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. 3. Install the Data Grid 8.3.0 Server patch. 4. Restart Data Grid to ensure the changes take effect. For more information about Data Grid 8.3.0, refer to the 8.3.0 Release Notes[³] 4. Bugs fixed (https://bugzilla.redhat.com/): 1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream 1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer 1997763 - CVE-2021-39139 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl 1997765 - CVE-2021-39140 xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler 1997769 - CVE-2021-39141 xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* 1997772 - CVE-2021-39144 xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* 1997775 - CVE-2021-39145 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration 1997777 - CVE-2021-39146 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue 1997779 - CVE-2021-39147 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration 1997781 - CVE-2021-39148 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator 1997784 - CVE-2021-39149 xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* 1997786 - CVE-2021-39150 xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* 1997791 - CVE-2021-39151 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration 1997793 - CVE-2021-39152 xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData 1997795 - CVE-2021-39153 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl 1997801 - CVE-2021-39154 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 5. References: https://access.redhat.com/security/cve/CVE-2021-3642 https://access.redhat.com/security/cve/CVE-2021-29505 https://access.redhat.com/security/cve/CVE-2021-37136 https://access.redhat.com/security/cve/CVE-2021-37137 https://access.redhat.com/security/cve/CVE-2021-39139 https://access.redhat.com/security/cve/CVE-2021-39140 https://access.redhat.com/security/cve/CVE-2021-39141 https://access.redhat.com/security/cve/CVE-2021-39144 https://access.redhat.com/security/cve/CVE-2021-39145 https://access.redhat.com/security/cve/CVE-2021-39146 https://access.redhat.com/security/cve/CVE-2021-39147 https://access.redhat.com/security/cve/CVE-2021-39148 https://access.redhat.com/security/cve/CVE-2021-39149 https://access.redhat.com/security/cve/CVE-2021-39150 https://access.redhat.com/security/cve/CVE-2021-39151 https://access.redhat.com/security/cve/CVE-2021-39152 https://access.redhat.com/security/cve/CVE-2021-39153 https://access.redhat.com/security/cve/CVE-2021-39154 https://access.redhat.com/security/cve/CVE-2021-43797 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=data.grid&version=8.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYgqC8NzjgjWX9erEAQjxrhAAlRLvbYFtNVJ58rcPJPTCOB+6LC1nm5CN GyW70yJwRtNBEgwtsxMH8aEOcIFTdk8dG/FJ+VO86k0OntdPGd64fXRS05fExa9z qvenykKf+4WteUFmjUoAv5Kf7S6H/+oY8+IrFvTkuC3MWhMDff5Yfi3sXit/kXrP v5mtRMJxh4ZMBE8a7XscoJ7ZgzW312QCnc14b4XOSPvj6tMpnrWRl8LW6U3B1NtK 2KQrsvwpSIRH3o2+LHc6jdnBqaAv0/+sS2oAkHOcqVSx0wRG5sd7zI9cZt79HpRA rbowWhKfCdT9S781zs09hFybHoka2UxHfwyQPW2VzVAVn/+Wf1pXmOrXY225aMFL rKYbXEKGO9KGaJPH0x4vB5Xg8vJ1PHx+K6371Ap577M+u1Hhh4JSU2ic5z/s7NEJ 68wgiameFdh45WIj+jihVHSIfJ4T+8Z0zitdqjH4HfpNPSokeVogZn8EVBP9bI4E lxw3ei0mP1bJumHZnE2RgB4EjTFKgc0xeChtYXmwaVffDP06nR7UFpzRYi04RK1Y Jm/6R0SLxpF8zJcFr/DaWUloqlKKnxlQ4uOJXq8UeKve17/E7R19WquILIuNcXe1 ARTfBuHN5PXfa4my2BnvY4eNp/RJqLQyX3GXF73XruFQeLDQwnvFphjeowMNar8o 3q4Xl2OmVZc= =AD50 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Security Fix(es): * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. The References section of this erratum contains a download link (you must log in to download the update). ========================================================================== Ubuntu Security Notice USN-6049-1 April 28, 2023 netty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 ESM - Ubuntu 18.04 ESM - Ubuntu 16.04 ESM Summary: Several security issues were fixed in Netty. Software Description: - netty: Java NIO client/server socket framework Details: It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-11612) It was discovered that Netty created temporary files with excessive permissions. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290) It was discovered that Netty did not properly validate content-length headers. A remote attacker could possibly use this issue to smuggle requests. This issue was only fixed in Ubuntu 20.04 ESM. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-37136) It was discovered that Netty's Snappy frame decoder function did not limit chunk lengths. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. (CVE-2021-37137) It was discovered that Netty did not properly handle control chars at the beginning and end of header names. A remote attacker could possibly use this issue to smuggle requests. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-43797) It was discovered that Netty could be made into an infinite recursion when parsing a malformed crafted message. A remote attacker could possibly use this issue to cause Netty to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41881) It was discovered that Netty did not validate header values under certain circumstances. A remote attacker could possibly use this issue to perform HTTP response splitting via malicious header values. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41915) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: libnetty-java 1:4.1.48-5ubuntu0.1 Ubuntu 22.04 LTS: libnetty-java 1:4.1.48-4+deb11u1build0.22.04.1 Ubuntu 20.04 ESM: libnetty-java 1:4.1.45-1ubuntu0.1~esm1 Ubuntu 18.04 ESM: libnetty-java 1:4.1.7-4ubuntu0.1+esm2 Ubuntu 16.04 ESM: libnetty-java 1:4.0.34-1ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data 2129809 - CVE-2022-36944 scala: deserialization gadget chain 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data 2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow 2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function 2169845 - CVE-2023-0833 Red Hat A-MQ Streams: component version with information disclosure flaw 2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode 2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) 5. JIRA issues fixed (https://issues.jboss.org/): ENTMQST-4107 - [KAFKA] MM2 connector task stopped and didn?t result in failed state ENTMQST-4541 - [PROD] Create RHSA erratum for Streams 2.4.0 6. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.4, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html 4. JIRA issues fixed (https://issues.jboss.org/): LOG-2437 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.4] LOG-2442 - Log file metric exporter not working with /var/log/pods LOG-2448 - Audit and journald logs cannot be viewed from LokiStack, when logs are forwarded with Vector as collector

Trust: 2.43

sources: NVD: CVE-2021-37136 // JVNDB: JVNDB-2021-013843 // VULHUB: VHN-398972 // PACKETSTORM: 165294 // PACKETSTORM: 166408 // PACKETSTORM: 165980 // PACKETSTORM: 165105 // PACKETSTORM: 172072 // PACKETSTORM: 172453 // PACKETSTORM: 167142 // PACKETSTORM: 174675

AFFECTED PRODUCTS

vendor:oraclemodel:banking digital experiencescope:eqversion:18.2

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.48

Trust: 1.0

vendor:oraclemodel:communications brm - elastic charging enginescope:ltversion:12.0.0.4.6

Trust: 1.0

vendor:oraclemodel:helidonscope:eqversion:2.4.0

Trust: 1.0

vendor:oraclemodel:coherencescope:eqversion:14.1.1.0.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:1.10.0

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:18.3

Trust: 1.0

vendor:quarkusmodel:quarkusscope:ltversion:2.2.4

Trust: 1.0

vendor:oraclemodel:communications cloud native core network slice selection functionscope:eqversion:1.8.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:1.11.0

Trust: 1.0

vendor:oraclemodel:helidonscope:eqversion:1.4.10

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core security edge protection proxyscope:eqversion:1.7.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:19.2

Trust: 1.0

vendor:oraclemodel:banking apisscope:eqversion:19.2

Trust: 1.0

vendor:oraclemodel:banking apisscope:eqversion:21.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:21.1

Trust: 1.0

vendor:oraclemodel:communications instant messaging serverscope:eqversion:8.1

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:20.1

Trust: 1.0

vendor:oraclemodel:banking apisscope:eqversion:20.1

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.5.0.2

Trust: 1.0

vendor:nettymodel:nettyscope:ltversion:4.1.68

Trust: 1.0

vendor:oraclemodel:coherencescope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core unified data repositoryscope:eqversion:1.15.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:oraclemodel:commerce guided searchscope:eqversion:11.3.2

Trust: 1.0

vendor:oraclemodel:banking apisscope:lteversion:18.3

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:banking apisscope:eqversion:19.1

Trust: 1.0

vendor:oraclemodel:communications brm - elastic charging enginescope:eqversion:12

Trust: 1.0

vendor:oraclemodel:banking apisscope:gteversion:18.1

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:19.1

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:banking digital experiencescope:eqversion:18.1

Trust: 1.0

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.15.0

Trust: 1.0

vendor:オラクルmodel:oracle communications cloud native core binding support functionscope: - version: -

Trust: 0.8

vendor:netappmodel:oncommand insightscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking apisscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle commerce guided searchscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking digital experiencescope: - version: -

Trust: 0.8

vendor:the nettymodel:nettyscope: - version: -

Trust: 0.8

vendor:オラクルmodel:peoplesoft enterprise peopletoolsscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications diameter signaling routerscope: - version: -

Trust: 0.8

vendor:quarkusmodel:quarkusscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013843 // NVD: CVE-2021-37136

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37136
value: HIGH

Trust: 1.0

NVD: CVE-2021-37136
value: HIGH

Trust: 0.8

VULHUB: VHN-398972
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37136
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398972
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37136
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37136
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398972 // JVNDB: JVNDB-2021-013843 // NVD: CVE-2021-37136

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:Resource exhaustion (CWE-400) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398972 // JVNDB: JVNDB-2021-013843 // NVD: CVE-2021-37136

THREAT TYPE

remote, local

Trust: 0.1

sources: PACKETSTORM: 172072

TYPE

code execution, xss, memory leak

Trust: 0.1

sources: PACKETSTORM: 165294

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-398972

PATCH

title:Oracle Critical Patch Update Advisory - April 2022 Oracle Critical Patch Updateurl:https://security.netapp.com/advisory/ntap-20220210-0012/

Trust: 0.8

sources: JVNDB: JVNDB-2021-013843

EXTERNAL IDS

db:NVDid:CVE-2021-37136

Trust: 3.5

db:JVNDBid:JVNDB-2021-013843

Trust: 0.8

db:PACKETSTORMid:166408

Trust: 0.2

db:PACKETSTORMid:167142

Trust: 0.2

db:PACKETSTORMid:165980

Trust: 0.2

db:PACKETSTORMid:165105

Trust: 0.2

db:PACKETSTORMid:170498

Trust: 0.1

db:PACKETSTORMid:169918

Trust: 0.1

db:PACKETSTORMid:167122

Trust: 0.1

db:PACKETSTORMid:164936

Trust: 0.1

db:PACKETSTORMid:168657

Trust: 0.1

db:PACKETSTORMid:167424

Trust: 0.1

db:PACKETSTORMid:165564

Trust: 0.1

db:PACKETSTORMid:167140

Trust: 0.1

db:PACKETSTORMid:167423

Trust: 0.1

db:PACKETSTORMid:167964

Trust: 0.1

db:PACKETSTORMid:167422

Trust: 0.1

db:VULHUBid:VHN-398972

Trust: 0.1

db:PACKETSTORMid:165294

Trust: 0.1

db:PACKETSTORMid:172072

Trust: 0.1

db:PACKETSTORMid:172453

Trust: 0.1

db:PACKETSTORMid:174675

Trust: 0.1

sources: VULHUB: VHN-398972 // JVNDB: JVNDB-2021-013843 // PACKETSTORM: 165294 // PACKETSTORM: 166408 // PACKETSTORM: 165980 // PACKETSTORM: 165105 // PACKETSTORM: 172072 // PACKETSTORM: 172453 // PACKETSTORM: 167142 // PACKETSTORM: 174675 // NVD: CVE-2021-37136

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-37136

Trust: 1.5

url:https://security.netapp.com/advisory/ntap-20220210-0012/

Trust: 1.1

url:https://www.debian.org/security/2023/dsa-5316

Trust: 1.1

url:https://github.com/netty/netty/security/advisories/ghsa-grg4-wf29-r9vv

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html

Trust: 1.1

url:https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3cdev.tinkerpop.apache.org%3e

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37137

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-43797

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-21290

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30129

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28170

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-15522

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-15522

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.2

url:https://issues.jboss.org/):

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-24823

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-36944

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-36944

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24823

Trust: 0.2

url:https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04@%3ccommits.druid.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb@%3ccommits.druid.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3ccommits.druid.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d@%3ccommits.druid.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16@%3ccommits.druid.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e@%3cdev.tinkerpop.apache.org%3e

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37714

Trust: 0.1

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35510

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21341

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21342

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28169

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-17527

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2875

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3690

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28164

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21348

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21344

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12415

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11988

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9488

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2875

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21350

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21290

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21349

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12415

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28163

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10744

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26217

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3597

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26259

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21344

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17527

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11987

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21295

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21295

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27782

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.10.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34428

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3536

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2934

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-17521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27223

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22696

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26259

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29425

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11987

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26217

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10744

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35510

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21409

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13943

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13943

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21347

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13949

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21341

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9488

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21342

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28491

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27223

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27782

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5134

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27568

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11988

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13949

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22118

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28170

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28168

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-40690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2471

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30129

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8908

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26291

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26291

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41269

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42392

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-2471

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8908

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41269

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28168

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42392

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=red.hat.integration&version=2022-q2

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39154

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=data.grid&version=8.3

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29505

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39145

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39144

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39149

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0520

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39151

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39140

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39148

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39151

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39152

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39147

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39150

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39144

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39146

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39148

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39146

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3642

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3642

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39149

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39145

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39147

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39154

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39141

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39141

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4851

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.9.1

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_amq/2021.q4

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41915

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/netty/1:4.1.48-5ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/netty/1:4.1.48-4+deb11u1build0.22.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21409

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6049-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11612

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42003

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-46877

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40149

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=2.4.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0341

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42004

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40149

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42004

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42003

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:3223

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-46877

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40150

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0833

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0833

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1370

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0341

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21443

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21476

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1154

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21496

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21698

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21496

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25636

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25636

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4028

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21443

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21434

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4028

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21476

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:2216

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21698

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-34455

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34455

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-3635

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-2976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34462

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-2976

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-26048

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34454

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:5165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0482

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.5

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-34454

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1471

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-26048

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-34453

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-33201

Trust: 0.1

url:https://issues.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-33201

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-26049

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-26049

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=2.5.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-34462

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0482

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34453

Trust: 0.1

sources: VULHUB: VHN-398972 // JVNDB: JVNDB-2021-013843 // PACKETSTORM: 165294 // PACKETSTORM: 166408 // PACKETSTORM: 165980 // PACKETSTORM: 165105 // PACKETSTORM: 172072 // PACKETSTORM: 172453 // PACKETSTORM: 167142 // PACKETSTORM: 174675 // NVD: CVE-2021-37136

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 165294 // PACKETSTORM: 166408 // PACKETSTORM: 165980 // PACKETSTORM: 165105 // PACKETSTORM: 172453 // PACKETSTORM: 167142 // PACKETSTORM: 174675

SOURCES

db:VULHUBid:VHN-398972
db:JVNDBid:JVNDB-2021-013843
db:PACKETSTORMid:165294
db:PACKETSTORMid:166408
db:PACKETSTORMid:165980
db:PACKETSTORMid:165105
db:PACKETSTORMid:172072
db:PACKETSTORMid:172453
db:PACKETSTORMid:167142
db:PACKETSTORMid:174675
db:NVDid:CVE-2021-37136

LAST UPDATE DATE

2024-11-20T20:01:31.890000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398972date:2023-02-24T00:00:00
db:JVNDBid:JVNDB-2021-013843date:2022-09-28T08:45:00
db:NVDid:CVE-2021-37136date:2023-11-07T03:36:54.390

SOURCES RELEASE DATE

db:VULHUBid:VHN-398972date:2021-10-19T00:00:00
db:JVNDBid:JVNDB-2021-013843date:2022-09-28T00:00:00
db:PACKETSTORMid:165294date:2021-12-15T15:25:47
db:PACKETSTORMid:166408date:2022-03-23T15:52:53
db:PACKETSTORMid:165980date:2022-02-14T17:51:16
db:PACKETSTORMid:165105date:2021-12-01T16:25:45
db:PACKETSTORMid:172072date:2023-05-01T16:09:49
db:PACKETSTORMid:172453date:2023-05-18T13:50:51
db:PACKETSTORMid:167142date:2022-05-12T15:55:09
db:PACKETSTORMid:174675date:2023-09-15T13:53:16
db:NVDid:CVE-2021-37136date:2021-10-19T15:15:07.697