6.5
CVE-2021-30640
- EPSS 0.18%
- Veröffentlicht 12.07.2021 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:04:20
- Quelle security@apache.org
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Communications Cloud Native Core Policy Version1.14.0
Oracle ≫ Communications Diameter Signaling Router Version >= 8.0.0 <= 8.5.0
Oracle ≫ Communications Pricing Design Center Version12.0.0.3.0
Oracle ≫ Hospitality Cruise Shipboard Property Management System Version20.1.0
Oracle ≫ Tekelec Platform Distribution Version >= 7.4.0 <= 7.7.1
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Debian ≫ Debian Linux Version11.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.405 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.2 | 4.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-116 Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.