7.5
CVE-2021-26117
- EPSS 16.3%
- Published 27.01.2021 19:15:13
- Last modified 21.11.2024 05:55:53
- Source security@apache.org
- Teams watchlist Login
- Open Login
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.
Data is provided by the National Vulnerability Database (NVD)
Apache ≫ Activemq Artemis Version < 2.16.0
Netapp ≫ Oncommand Workflow Automation Version-
Debian ≫ Debian Linux Version9.0
Oracle ≫ Communications Element Manager Version >= 8.2.0 <= 8.2.4.0
Oracle ≫ Communications Session Report Manager Version >= 8.2.0 <= 8.2.2
Oracle ≫ Communications Session Route Manager Version >= 8.0.0 <= 8.2.2
Oracle ≫ Flexcube Private Banking Version12.0.0
Oracle ≫ Flexcube Private Banking Version12.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 16.3% | 0.946 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.