7.2
CVE-2021-23337
- EPSS 0.86%
- Veröffentlicht 15.02.2021 13:15:12
- Zuletzt bearbeitet 21.11.2024 05:51:31
- Quelle report@snyk.io
- Teams Watchlist Login
- Unerledigt Login
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Banking Corporate Lending Process Management Version14.2.0
Oracle ≫ Banking Corporate Lending Process Management Version14.3.0
Oracle ≫ Banking Corporate Lending Process Management Version14.5.0
Oracle ≫ Banking Credit Facilities Process Management Version14.2.0
Oracle ≫ Banking Credit Facilities Process Management Version14.3.0
Oracle ≫ Banking Credit Facilities Process Management Version14.5.0
Oracle ≫ Banking Extensibility Workbench Version14.2.0
Oracle ≫ Banking Extensibility Workbench Version14.3.0
Oracle ≫ Banking Extensibility Workbench Version14.5.0
Oracle ≫ Banking Supply Chain Finance Version14.2.0
Oracle ≫ Banking Supply Chain Finance Version14.3.0
Oracle ≫ Banking Supply Chain Finance Version14.5.0
Oracle ≫ Banking Trade Finance Process Management Version14.2.0
Oracle ≫ Banking Trade Finance Process Management Version14.3.0
Oracle ≫ Banking Trade Finance Process Management Version14.5.0
Oracle ≫ Communications Cloud Native Core Binding Support Function Version1.9.0
Oracle ≫ Communications Cloud Native Core Policy Version1.11.0
Oracle ≫ Communications Design Studio Version7.4.2.0.0
Oracle ≫ Communications Services Gatekeeper Version7.0
Oracle ≫ Communications Session Border Controller Version8.4
Oracle ≫ Communications Session Border Controller Version9.0
Oracle ≫ Enterprise Communications Broker Version3.2.0
Oracle ≫ Enterprise Communications Broker Version3.3.0
Oracle ≫ Financial Services Crime And Compliance Management Studio Version8.0.8.2.0
Oracle ≫ Financial Services Crime And Compliance Management Studio Version8.0.8.3.0
Oracle ≫ Health Sciences Data Management Workbench Version2.5.2.1
Oracle ≫ Health Sciences Data Management Workbench Version3.0.0.0
Oracle ≫ Jd Edwards Enterpriseone Tools Version < 9.2.6.1
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.59
Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.11
Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.12
Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.11
Oracle ≫ Primavera Gateway Version >= 20.12.0 <= 20.12.7
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version18.8
Oracle ≫ Primavera Unifier Version19.12
Oracle ≫ Primavera Unifier Version20.12
Oracle ≫ Retail Customer Management And Segmentation Foundation Version19.0
Netapp ≫ Active Iq Unified Manager Version- SwPlatformlinux
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere
Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows
Netapp ≫ Cloud Manager Version-
Netapp ≫ System Manager Version9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.86% | 0.742 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| report@snyk.io | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.