7.5
CVE-2021-26117
- EPSS 16.3%
- Veröffentlicht 27.01.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:55:53
- Quelle security@apache.org
- Teams Watchlist Login
- Unerledigt Login
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ Activemq Artemis Version < 2.16.0
Netapp ≫ Oncommand Workflow Automation Version-
Debian ≫ Debian Linux Version9.0
Oracle ≫ Communications Element Manager Version >= 8.2.0 <= 8.2.4.0
Oracle ≫ Communications Session Report Manager Version >= 8.2.0 <= 8.2.2
Oracle ≫ Communications Session Route Manager Version >= 8.0.0 <= 8.2.2
Oracle ≫ Flexcube Private Banking Version12.0.0
Oracle ≫ Flexcube Private Banking Version12.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 16.3% | 0.946 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.