5.3

CVE-2021-20289

EPSS 0.09%
Veröffentlicht 26.03.2021 17:15:13
Zuletzt bearbeitet 21.11.2024 05:46:17
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Resteasy Version <= 4.6.0

Netapp ≫ Oncommand Insight Version-

Quarkus ≫ Quarkus Version < 1.13.4

Oracle ≫ Communications Cloud Native Core Console Version1.9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.262

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1935927

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-20289

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20289

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20289

EUVD