Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-28851 (GCVE-0-2020-28851)
Vulnerability from cvelistv5 – Published: 2021-01-02 05:42 – Updated: 2024-08-04 16:40
VLAI?
EPSS
Summary
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/golang/go/issues/42535"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In x/text in Go 1.15.4, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T10:06:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/golang/go/issues/42535"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In x/text in Go 1.15.4, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/golang/go/issues/42535",
"refsource": "MISC",
"url": "https://github.com/golang/go/issues/42535"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28851",
"datePublished": "2021-01-02T05:42:40.000Z",
"dateReserved": "2020-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:40:59.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
bit-golang-2020-28851
Vulnerability from bitnami_vulndb
Published
2024-03-06 11:07
Modified
2025-04-03 14:40
Summary
Details
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "golang",
"purl": "pkg:bitnami/golang"
},
"ranges": [
{
"events": [
{
"introduced": "1.15.4"
},
{
"fixed": "1.15.5"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2020-28851"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:golang:go:1.15.4:*:*:*:*:*:*:*",
"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "In x/text in Go 1.15.4, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)",
"id": "BIT-golang-2020-28851",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-06T11:07:21.401Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/golang/go/issues/42535"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210212-0004/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851"
}
],
"schema_version": "1.5.0"
}
CVE-2020-28851
Vulnerability from osv_almalinux
Published
2022-10-25 00:00
Modified
2022-10-27 09:34
Summary
Moderate: git-lfs security and bug fix update
Details
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
- golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
- golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
- golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
- golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
- golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
- golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
- golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
- golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
- golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- git-lfs needs to be rebuild with golang 1.17.7-1 or above
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git-lfs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.13.3-3.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* git-lfs needs to be rebuild with golang 1.17.7-1 or above",
"id": "ALSA-2022:7129",
"modified": "2022-10-27T09:34:45Z",
"published": "2022-10-25T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:7129"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2020-28851"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2020-28852"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1913333"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1913338"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2107371"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2107374"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2107383"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2107386"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2107388"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2113814"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2124669"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-7129.html"
}
],
"related": [
"CVE-2020-28851",
"CVE-2020-28852",
"CVE-2022-1705",
"CVE-2022-27664",
"CVE-2022-30630",
"CVE-2022-30632",
"CVE-2022-30635",
"CVE-2022-32148",
"CVE-2022-32189"
],
"summary": "Moderate: git-lfs security and bug fix update"
}
CVE-2020-28851
Vulnerability from osv_almalinux
Published
2022-11-15 00:00
Modified
2022-11-18 05:46
Summary
Moderate: podman security and bug fix update
Details
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
- golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
- golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
- podman: podman machine spawns gvproxy with port bound to all IPs (CVE-2021-4024)
- podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)
- containers/storage: DoS via malicious image (CVE-2021-20291)
- golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
- golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
- golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "podman"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.2.0-3.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "podman-docker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.2.0-3.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "podman-gvproxy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.2.0-3.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "podman-plugins"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.2.0-3.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "podman-remote"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.2.0-3.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "podman-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.2.0-3.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n* podman: podman machine spawns gvproxy with port bound to all IPs (CVE-2021-4024)\n* podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)\n* containers/storage: DoS via malicious image (CVE-2021-20291)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2022:7954",
"modified": "2022-11-18T05:46:54Z",
"published": "2022-11-15T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:7954"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2020-28851"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2020-28852"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-20199"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-20291"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-33197"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-4024"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27191"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1913333"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1913338"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1919050"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1939485"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1983596"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1989570"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2026675"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2064702"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2022-7954.html"
}
],
"related": [
"CVE-2020-28851",
"CVE-2020-28852",
"CVE-2021-4024",
"CVE-2021-20199",
"CVE-2021-20291",
"CVE-2021-33197",
"CVE-2021-34558",
"CVE-2022-27191"
],
"summary": "Moderate: podman security and bug fix update"
}
GHSA-739F-9QHV-6594
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37
VLAI?
Details
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
{
"affected": [],
"aliases": [
"CVE-2020-28851"
],
"database_specific": {
"cwe_ids": [
"CWE-129"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-02T06:15:00Z",
"severity": "HIGH"
},
"details": "In x/text in Go 1.15.4, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)",
"id": "GHSA-739f-9qhv-6594",
"modified": "2022-05-24T17:37:38Z",
"published": "2022-05-24T17:37:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851"
},
{
"type": "WEB",
"url": "https://github.com/golang/go/issues/42535"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210212-0004"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2020-28851
Vulnerability from fkie_nvd - Published: 2021-01-02 06:15 - Updated: 2024-11-21 05:23
Severity ?
Summary
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/golang/go/issues/42535 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20210212-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/golang/go/issues/42535 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210212-0004/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "57427CF7-E136-4F17-BBBA-1AAAA7333825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In x/text in Go 1.15.4, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)"
},
{
"lang": "es",
"value": "En x/text en Go versi\u00f3n 1.15.4, se produce un p\u00e1nico \"index out of range\" en language.ParseAcceptLanguage mientras se analiza la extensi\u00f3n -u-.\u0026#xa0;(Se supone que x/text/language puede analizar un encabezado HTTP Accept-Language)."
}
],
"id": "CVE-2020-28851",
"lastModified": "2024-11-21T05:23:11.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-02T06:15:12.380",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/golang/go/issues/42535"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/golang/go/issues/42535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0004/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-129"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2023-AVI-0701
Vulnerability from certfr_avis - Published: 2023-08-31 - Updated: 2023-08-31
De multiples vulnérabilités ont été découvertes dans Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Universal Forwarder | Universal Forwarder versions 9.0.x antérieures à 9.0.6 | ||
| Splunk | N/A | Splunk ITSI versions 4.15.x antérieures à 4.15.3 | ||
| Splunk | Universal Forwarder | Universal Forwarder versions 8.2.x antérieures à 8.2.12 | ||
| Splunk | N/A | Splunk Cloud versions antérieures à 9.0.2305.200 | ||
| Splunk | Universal Forwarder | Universal Forwarder versions 9.1.x antérieures à 9.1.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 8.2.x antérieures à 8.2.12 | ||
| Splunk | N/A | Splunk ITSI versions 4.13.x antérieures à 4.13.3 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.1.x antérieures à 9.1.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.0.x antérieures à 9.0.6 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Universal Forwarder versions 9.0.x ant\u00e9rieures \u00e0 9.0.6",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk ITSI versions 4.15.x ant\u00e9rieures \u00e0 4.15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Universal Forwarder versions 8.2.x ant\u00e9rieures \u00e0 8.2.12",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud versions ant\u00e9rieures \u00e0 9.0.2305.200",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Universal Forwarder versions 9.1.x ant\u00e9rieures \u00e0 9.1.1",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk ITSI versions 4.13.x ant\u00e9rieures \u00e0 4.13.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.0.x ant\u00e9rieures \u00e0 9.0.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2022-40899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40899"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2021-27919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27919"
},
{
"name": "CVE-2019-20454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20454"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2020-8169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2023-4571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4571"
},
{
"name": "CVE-2022-35260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35260"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2022-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27536"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2020-28851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2021-22901",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
},
{
"name": "CVE-2022-27778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27778"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-40592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40592"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2020-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2022-33987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2023-40596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40596"
},
{
"name": "CVE-2023-40594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40594"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2023-40595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40595"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2022-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-36976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2021-23382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23382"
},
{
"name": "CVE-2023-40597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40597"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2021-22897",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2020-29652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-40023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2020-8231",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
},
{
"name": "CVE-2022-27779",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27779"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2021-23343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23343"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2023-40598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40598"
},
{
"name": "CVE-2013-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7489"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2021-30560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30560"
},
{
"name": "CVE-2023-40593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40593"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2021-22890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22890"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2021-29060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29060"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2022-30115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30115"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2021-20066",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20066"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2021-22945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"initial_release_date": "2023-08-31T00:00:00",
"last_revision_date": "2023-08-31T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0701",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0802 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0802"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0804 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0804"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0806 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0806"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0810 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0810"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0807 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0807"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0808 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0808"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0803 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0803"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0801 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0801"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0805 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0805"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0809 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0809"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0811 du 30 ao\u00fbt 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0811"
}
]
}
CERTFR-2022-AVI-591
Vulnerability from certfr_avis - Published: 2022-06-30 - Updated: 2022-06-30
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Plus versions antérieures à 10.1.11 | ||
| IBM | Spectrum | IBM Spectrum Protect Client versions antérieures à 8.1.1.15 | ||
| IBM | N/A | IBM® Db2® et Db2 Warehouse® sur Cloud Pak for Data versions antérieures à 4.5.0 | ||
| IBM | Db2 | IBM® Db2® sur Openshift versions antérieures à 11.5.7.0-cn5 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Plus versions ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client versions ant\u00e9rieures \u00e0 8.1.1.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM\u00ae Db2\u00ae et Db2 Warehouse\u00ae sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM\u00ae Db2\u00ae sur Openshift versions ant\u00e9rieures \u00e0 11.5.7.0-cn5",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-29368",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29368"
},
{
"name": "CVE-2021-20322",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20322"
},
{
"name": "CVE-2018-1099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1099"
},
{
"name": "CVE-2021-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4154"
},
{
"name": "CVE-2021-45485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2021-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
},
{
"name": "CVE-2019-11249",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11249"
},
{
"name": "CVE-2020-8557",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8557"
},
{
"name": "CVE-2020-7919",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7919"
},
{
"name": "CVE-2019-11247",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11247"
},
{
"name": "CVE-2020-28851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
},
{
"name": "CVE-2021-42248",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42248"
},
{
"name": "CVE-2018-1002105",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2020-15112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15112"
},
{
"name": "CVE-2021-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4203"
},
{
"name": "CVE-2021-25736",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25736"
},
{
"name": "CVE-2020-27813",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27813"
},
{
"name": "CVE-2018-17848",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17848"
},
{
"name": "CVE-2019-16884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16884"
},
{
"name": "CVE-2021-41864",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41864"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2021-25735",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25735"
},
{
"name": "CVE-2017-18367",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18367"
},
{
"name": "CVE-2020-8564",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8564"
},
{
"name": "CVE-2021-20206",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20206"
},
{
"name": "CVE-2019-11246",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11246"
},
{
"name": "CVE-2021-31916",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31916"
},
{
"name": "CVE-2020-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2021-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3635"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2018-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1098"
},
{
"name": "CVE-2021-28971",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28971"
},
{
"name": "CVE-2019-11254",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11254"
},
{
"name": "CVE-2022-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0286"
},
{
"name": "CVE-2021-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"name": "CVE-2020-8551",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8551"
},
{
"name": "CVE-2017-1002101",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1002101"
},
{
"name": "CVE-2021-4157",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4157"
},
{
"name": "CVE-2020-15106",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15106"
},
{
"name": "CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"name": "CVE-2021-20321",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20321"
},
{
"name": "CVE-2018-17142",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17142"
},
{
"name": "CVE-2022-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2021-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
},
{
"name": "CVE-2021-44733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
},
{
"name": "CVE-2020-8552",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8552"
},
{
"name": "CVE-2021-20269",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20269"
},
{
"name": "CVE-2020-8554",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8554"
},
{
"name": "CVE-2019-11252",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11252"
},
{
"name": "CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"name": "CVE-2019-11250",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11250"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2022-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1011"
},
{
"name": "CVE-2021-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3669"
},
{
"name": "CVE-2020-8559",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8559"
},
{
"name": "CVE-2020-10752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10752"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2020-28852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28852"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2020-15113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15113"
},
{
"name": "CVE-2020-29652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
},
{
"name": "CVE-2018-17847",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17847"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2020-26160",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26160"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-42836",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42836"
},
{
"name": "CVE-2020-8555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8555"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2018-17143",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17143"
},
{
"name": "CVE-2019-11841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11841"
},
{
"name": "CVE-2018-20699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20699"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2020-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
},
{
"name": "CVE-2021-3764",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3764"
},
{
"name": "CVE-2019-1002101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1002101"
},
{
"name": "CVE-2021-38201",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38201"
},
{
"name": "CVE-2021-21781",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21781"
},
{
"name": "CVE-2022-0850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0850"
},
{
"name": "CVE-2021-3538",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3538"
},
{
"name": "CVE-2019-11253",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11253"
},
{
"name": "CVE-2021-25737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25737"
},
{
"name": "CVE-2018-17846",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17846"
},
{
"name": "CVE-2021-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2021-25741",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25741"
},
{
"name": "CVE-2018-16886",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16886"
},
{
"name": "CVE-2021-44907",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
},
{
"name": "CVE-2021-4197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
},
{
"name": "CVE-2020-9283",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9283"
},
{
"name": "CVE-2019-11840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11840"
},
{
"name": "CVE-2019-11251",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11251"
},
{
"name": "CVE-2020-36067",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36067"
}
],
"initial_release_date": "2022-06-30T00:00:00",
"last_revision_date": "2022-06-30T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-591",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6596399 du 29 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6596399"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6596971 du 29 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6596971"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6599703 du 29 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6599703"
}
]
}
GSD-2020-28851
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-28851",
"description": "In x/text in Go 1.15.4, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)",
"id": "GSD-2020-28851",
"references": [
"https://www.suse.com/security/cve/CVE-2020-28851.html",
"https://access.redhat.com/errata/RHSA-2021:3016",
"https://access.redhat.com/errata/RHSA-2021:1168",
"https://security.archlinux.org/CVE-2020-28851",
"https://access.redhat.com/errata/RHSA-2022:0577",
"https://access.redhat.com/errata/RHSA-2022:1276",
"https://access.redhat.com/errata/RHSA-2022:7129",
"https://access.redhat.com/errata/RHSA-2022:7954",
"https://ubuntu.com/security/CVE-2020-28851"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-28851"
],
"details": "In x/text in Go 1.15.4, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)",
"id": "GSD-2020-28851",
"modified": "2023-12-13T01:22:02.002143Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In x/text in Go 1.15.4, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/golang/go/issues/42535",
"refsource": "MISC",
"url": "https://github.com/golang/go/issues/42535"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0004/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:golang:go:1.15.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28851"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In x/text in Go 1.15.4, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/golang/go/issues/42535",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/golang/go/issues/42535"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0004/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-02-22T19:14Z",
"publishedDate": "2021-01-02T06:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…