5.3

CVE-2021-20289

EPSS 0.09%
Published 26.03.2021 17:15:13
Last modified 21.11.2024 05:46:17
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Resteasy Version <= 4.6.0

Netapp ≫ Oncommand Insight Version-

Quarkus ≫ Quarkus Version < 1.13.4

Oracle ≫ Communications Cloud Native Core Console Version1.9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.262

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1935927

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-20289

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20289

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20289

EUVD