Details of VAR-202112-0517

ID

VAR-202112-0517

CVE

CVE-2021-38951

TITLE

IBM WebSphere Application Server Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-016115

DESCRIPTION

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. Vendor exploits this vulnerability IBM X-Force ID: 211405 It is published as.Service operation interruption (DoS) It may be in a state. This product is a platform for JavaEE and Web service applications, as well as the foundation of the IBM WebSphere software platform. The vulnerability stems from the failure to properly handle the input error message

Trust: 2.16

sources: NVD: CVE-2021-38951 // JVNDB: JVNDB-2021-016115 // CNVD: CNVD-2021-99670

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-99670

AFFECTED PRODUCTS

vendor:	ibm	model:	websphere application server	scope:	eq	version:	8.5	Trust: 2.4
vendor:	ibm	model:	websphere application server	scope:	eq	version:	8.0	Trust: 2.4
vendor:	ibm	model:	websphere application server	scope:	eq	version:	7.0	Trust: 2.4
vendor:	ibm	model:	websphere application server	scope:	eq	version:	9.0	Trust: 2.4
vendor:	ibm	model:	websphere application server	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2021-99670 // JVNDB: JVNDB-2021-016115 // NVD: CVE-2021-38951

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-38951
value:	HIGH
Trust: 1.0
psirt@us.ibm.com:	CVE-2021-38951
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-38951
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-99670
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202112-659
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-38951
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-99670
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@us.ibm.com:	CVE-2021-38951
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2021-38951
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-99670 // JVNDB: JVNDB-2021-016115 // CNNVD: CNNVD-202112-659 // NVD: CVE-2021-38951 // NVD: CVE-2021-38951

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-016115 // NVD: CVE-2021-38951

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-659

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202112-659

PATCH

title:	6524674 IBM X-Force Exchange	url:	https://www.ibm.com/support/pages/node/6524674	Trust: 0.8
title:	Patch for IBM WebSphere Application Server Denial of Service Vulnerability (CNVD-2021-99670)	url:	https://www.cnvd.org.cn/patchInfo/show/304461	Trust: 0.6
title:	IBM WebSphere Application Server Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174426	Trust: 0.6

sources: CNVD: CNVD-2021-99670 // JVNDB: JVNDB-2021-016115 // CNNVD: CNNVD-202112-659

EXTERNAL IDS

db:	NVD	id:	CVE-2021-38951	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-016115	Trust: 0.8
db:	CNVD	id:	CNVD-2021-99670	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4247	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0194	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4170	Trust: 0.6
db:	CS-HELP	id:	SB2022010632	Trust: 0.6
db:	CS-HELP	id:	SB2022021421	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-659	Trust: 0.6

sources: CNVD: CNVD-2021-99670 // JVNDB: JVNDB-2021-016115 // CNNVD: CNNVD-202112-659 // NVD: CVE-2021-38951

REFERENCES

url:	https://www.ibm.com/support/pages/node/6524674	Trust: 2.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/211405	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-38951	Trust: 1.4
url:	https://vigilance.fr/vulnerability/websphere-as-overload-via-crafted-request-37034	Trust: 1.2
url:	https://www.auscert.org.au/bulletins/esb-2021.4247	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0194	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010632	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4170	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021421	Trust: 0.6

sources: CNVD: CNVD-2021-99670 // JVNDB: JVNDB-2021-016115 // CNNVD: CNNVD-202112-659 // NVD: CVE-2021-38951

SOURCES

db:	CNVD	id:	CNVD-2021-99670
db:	JVNDB	id:	JVNDB-2021-016115
db:	CNNVD	id:	CNNVD-202112-659
db:	NVD	id:	CVE-2021-38951

LAST UPDATE DATE

2024-08-14T13:04:53.726000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-99670	date:	2021-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-016115	date:	2022-12-07T02:27:00
db:	CNNVD	id:	CNNVD-202112-659	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-38951	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-99670	date:	2021-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-016115	date:	2022-12-07T00:00:00
db:	CNNVD	id:	CNNVD-202112-659	date:	2021-12-08T00:00:00
db:	NVD	id:	CVE-2021-38951	date:	2021-12-09T17:15:07.793