admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-261xx/CVE-2021-26117.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

354 lines
11 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-26117",
"sourceIdentifier": "security@apache.org",
"published": "2021-01-27T19:15:13.720",
"lastModified": "2021-12-07T20:47:51.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password."
},
{
"lang": "es",
"value": "El m\u00f3dulo de inicio de sesi\u00f3n LDAP de ActiveMQ opcional puede ser configurado para usar el acceso an\u00f3nimo al servidor LDAP. En este caso, para Apache ActiveMQ Artemis anterior a versi\u00f3n 2.16.0 y Apache ActiveMQ anterior a versiones 5.16.1 y 5.15.14, el contexto an\u00f3nimo es usado para verificar una contrase\u00f1a de usuario v\u00e1lida por error, resultando en una comprobaci\u00f3n de la contrase\u00f1a"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.0",
"versionEndExcluding": "5.15.14",
"matchCriteriaId": "9EEB8CE4-89D2-4D1B-BCB7-E236991EBE7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.0",
"versionEndExcluding": "5.16.1",
"matchCriteriaId": "A64C2811-88CE-4A83-943C-A71EDD536E9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.16.0",
"matchCriteriaId": "EFC99E51-1E24-4DD8-BC3E-271133CF074C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndIncluding": "8.2.4.0",
"matchCriteriaId": "0331877D-D5DB-4EE8-8220-C1CDC3F90CB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndIncluding": "8.2.2",
"matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.2.2",
"matchCriteriaId": "5A528287-BF09-4E87-8192-81DBFB57A100"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread.html/r110cacfa754471361234965ffe851a046e302ff2693b055f49f47b02@%3Cissues.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r22cdc0fb45e223ac92bc2ceff7af92f1193dfc614c8b248534456229@%3Cissues.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r3341d96d8f956e878fb7b463b08d57ca1d58fec9c970aee929b58e0d@%3Cissues.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r519bfafd67091d0b91243efcb1c49b1eea27321355ba5594f679277d@%3Cissues.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r5899ece90bcae5805ad6142fdb05c58595cff19cb2e98cc58a91f55b@%3Cgitbox.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r70389648227317bdadcdecbd9f238571a6047469d156bd72bb0ca2f7@%3Cgitbox.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/ra255ddfc8b613b80e9fa22ff3e106168b245f38a22316bfb54d21159@%3Cissues.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/raea451de09baed76950d6a60cc4bb1b74476c505e03205a3c68c9808@%3Cissues.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rd05b1c9d61dbd220664d559aa0e2b55e5830f006a09e82057f3f7863@%3Cissues.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rd75600cee29cb248d548edcf6338fe296466d63a69e2ed0afc439ec7@%3Cissues.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/re1b98da90a5f2e1c2e2d50e31c12e2578d61fe01c0737f9d0bd8de99@%3Cannounce.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rec93794f8aeddf8a5f1a643d264b4e66b933f06fd72a38f31448f0ac@%3Cgitbox.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rffa5cd05d01c4c9853b17f3004d80ea6eb8856c422a8545c5f79b1a6@%3Ccommits.activemq.apache.org%3E",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3cCAH+vQmMeUEiKN4wYX9nLBbqmFZFPXqajNvBKmzb2V8QZANcSTA@mail.gmail.com%3e",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20210304-0008/",
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"source": "security@apache.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink