Vulnerability-Lookup

CVE-2021-39134 (GCVE-0-2021-39134)

Vulnerability from cvelistv5 – Published: 2021-08-31 16:55 – Updated: 2024-08-04 01:58

Title

UNIX Symbolic Link (Symlink) Following in @npmcli/arborist

Summary

`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist's internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `"foo": "file:/some/path"`. Another package, `pwn-b` could define a dependency such as `FOO: "file:foo.tgz"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-61 - UNIX Symbolic Link (Symlink) Following

Assigner

GitHub_M

References

URL

Tags

	https://github.com/npm/arborist/security/advisori…	x_refsource_CONFIRM
	https://www.npmjs.com/package/%40npmcli/arborist	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	npm	arborist	Affected: < 2.8.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:58:17.840Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.npmjs.com/package/%40npmcli/arborist"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "arborist",
          "vendor": "npm",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.8.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist\u0027s internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `\"foo\": \"file:/some/path\"`. Another package, `pwn-b` could define a dependency such as `FOO: \"file:foo.tgz\"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-08T14:07:47.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.npmjs.com/package/%40npmcli/arborist"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        }
      ],
      "source": {
        "advisory": "GHSA-2h3h-q99f-3fhc",
        "discovery": "UNKNOWN"
      },
      "title": "UNIX Symbolic Link (Symlink) Following in @npmcli/arborist",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-39134",
          "STATE": "PUBLIC",
          "TITLE": "UNIX Symbolic Link (Symlink) Following in @npmcli/arborist"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "arborist",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 2.8.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "npm"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist\u0027s internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `\"foo\": \"file:/some/path\"`. Another package, `pwn-b` could define a dependency such as `FOO: \"file:foo.tgz\"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc",
              "refsource": "CONFIRM",
              "url": "https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc"
            },
            {
              "name": "https://www.npmjs.com/package/@npmcli/arborist",
              "refsource": "MISC",
              "url": "https://www.npmjs.com/package/@npmcli/arborist"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-2h3h-q99f-3fhc",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-39134",
    "datePublished": "2021-08-31T16:55:11.000Z",
    "dateReserved": "2021-08-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:58:17.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2021-39134

Vulnerability from fkie_nvd - Published: 2021-08-31 17:15 - Updated: 2024-11-21 06:18

Severity ?

8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc	Mitigation, Third Party Advisory
security-advisories@github.com	https://www.npmjs.com/package/%40npmcli/arborist
security-advisories@github.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc	Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.npmjs.com/package/%40npmcli/arborist
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
npmjs	arborist	*
npmjs	npm	*
oracle	graalvm	20.3.3
oracle	graalvm	21.2.0
siemens	sinec_infrastructure_network_services	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:npmjs:arborist:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "D3A10E91-51B2-4817-B6BD-E18383B823B9",
              "versionEndExcluding": "2.8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A017D9F7-6B4C-4E21-A721-D97FD6A6330C",
              "versionEndExcluding": "7.20.7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
              "versionEndExcluding": "1.0.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist\u0027s internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `\"foo\": \"file:/some/path\"`. Another package, `pwn-b` could define a dependency such as `FOO: \"file:foo.tgz\"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above."
    },
    {
      "lang": "es",
      "value": "\"@npmcli/arborist\", la librer\u00eda que calcula los trees de dependencia y maneja la jerarqu\u00eda de carpetas \"node_modules\" para la interfaz de l\u00ednea de comandos de npm, presenta como objetivo garantizar que los contratos de dependencia de los paquetes se cumplan, y que la extracci\u00f3n de los contenidos de los paquetes sea llevada a cabo siempre en la carpeta esperada. Esto es conseguido, en parte, al resolver los especificadores de dependencia definidos en los manifiestos \"package.json\" para las dependencias con un nombre espec\u00edfico, y anidando las carpetas para resolver las dependencias conflictivas. Cuando las dependencias m\u00faltiples difieren s\u00f3lo en el caso de su nombre, la estructura de datos interna de Arborist las ve\u00eda como elementos separados que pod\u00edan coexistir dentro del mismo nivel en la jerarqu\u00eda \"node_modules\". Sin embargo, en los sistemas de archivos que no distinguen entre may\u00fasculas y min\u00fasculas (como macOS y Windows), esto no es as\u00ed. Combinado con una dependencia de symlink como \"file:/some/path\", esto permit\u00eda a un atacante crear una situaci\u00f3n en la que se pod\u00edan escribir contenidos arbitrarios en cualquier ubicaci\u00f3n del sistema de archivos. Por ejemplo, un paquete \"pwn-a\" podr\u00eda definir una dependencia en su archivo \"package.json\" como \"\"foo\": \"file:/some/path\"\". Otro paquete, \"pwn-b\" podr\u00eda definir una dependencia como \"FOO: \"file:foo.tgz\"\". En los sistemas de archivos que no distinguen entre may\u00fasculas y min\u00fasculas, si se instalara \"pwn-a\" y luego se instalara \"pwn-b\", el contenido de \"foo.tgz\" se escribir\u00eda en \"/some/path\", y cualquier contenido existente de \"/some/path\" se eliminar\u00eda. Cualquiera usando npm versiones v7.20.6 o anteriores en un sistema de archivos que no distinga entre may\u00fasculas y min\u00fasculas est\u00e1 potencialmente afectado. Esto est\u00e1 parcheado en @npmcli/arborist 2.8.2 que se incluye en npm versiones v7.20.7 y superiores"
    }
  ],
  "id": "CVE-2021-39134",
  "lastModified": "2024-11-21T06:18:39.567",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.8,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-31T17:15:08.147",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://www.npmjs.com/package/%40npmcli/arborist"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.npmjs.com/package/%40npmcli/arborist"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-61"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-178"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2022-AVI-216

Vulnerability from certfr_avis - Published: 2022-03-08 - Updated: 2022-03-08

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Mendix Forgot Password Appstore module versions 3.2.x antérieures à 3.2.2
Mendix Forgot Password Appstore module versions 3.3.x à 3.5.x antérieures à 3.5.1
Mendix Applications utilisant Mendix versions 7.x antérieures à 7.23.29
Mendix Applications utilisant Mendix versions 8.x antérieures à 8.18.16
COMOS versions antérieures à 10.4.1
Simcenter STAR-CCM+ Viewer versions antérieures à V2022.1
SIMOTICS CONNECT 400 versions antérieures à 1.0.0.0
Climatix POL909 (module AWB) versions antérieures à 11.44
Climatix POL909 (module AWM) versions antérieures à 11.36
RUGGEDCOM ROS M2100, RMC8388, RS416v2, RS900G, RS900G (32M), RSG900, RSG920P, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions antérieures à 5.6.0
SINUMERIK MC versions antérieures à 1.15 SP1
SINUMERIK ONE versions antérieures à 6.15 SP1
SINEC INS versions antérieures à 1.0.1.1
RUGGEDCOM ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536 et RX5000 versions antérieures à 2.15.0
Polarion Subversion Webclient versions antérieures à 21 R2 P2
RUGGEDCOM ROS i800, i801, i802, i803, M969, M2100, M2200, RMC, RMC20, RMC30, RMC40, RMC41, RMC8388, RP110, RS400, RS401, RS416, RS416v2, RS900 (32M), RS900G, RS900G (32M), RS900GP, RS900L, RS900L, RS900W, RS910, RS910L, RS910W, RS920L, RS920W, RS930L, RS930W, RS940G, RS969, RS8000, RS8000A, RS8000H, RS8000T, RSG900, RSG900C, RSG900G, RSG900R, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P, RSG2100, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2200, RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions antérieures à 5.6.0

L'éditeur ne propose pas de correctif pour :

Mendix Applications utilisant Mendix versions 9
SINEC NMS toutes versions

Se référer aux mesures de contournement proposées dans la section Documentation.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-166747 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-252466 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-562051 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-223353 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-337210 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-148641 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-389290 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-764417 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-256353 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-703715 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-594438 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-415938 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-134279 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-155599 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-406691 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-250085 du 8 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eMendix Forgot Password Appstore module versions 3.2.x ant\u00e9rieures \u00e0 3.2.2\u003c/li\u003e \u003cli\u003eMendix Forgot Password Appstore module versions 3.3.x \u00e0 3.5.x ant\u00e9rieures \u00e0 3.5.1\u003c/li\u003e \u003cli\u003eMendix Applications utilisant Mendix versions 7.x ant\u00e9rieures \u00e0 7.23.29\u003c/li\u003e \u003cli\u003eMendix Applications utilisant Mendix versions 8.x ant\u00e9rieures \u00e0 8.18.16\u003c/li\u003e \u003cli\u003eCOMOS versions ant\u00e9rieures \u00e0 10.4.1\u003c/li\u003e \u003cli\u003eSimcenter STAR-CCM+ Viewer versions ant\u00e9rieures \u00e0 V2022.1\u003c/li\u003e \u003cli\u003eSIMOTICS CONNECT 400 versions ant\u00e9rieures \u00e0 1.0.0.0\u003c/li\u003e \u003cli\u003eClimatix POL909 (module AWB) versions ant\u00e9rieures \u00e0 11.44\u003c/li\u003e \u003cli\u003eClimatix POL909 (module AWM) versions ant\u00e9rieures \u00e0 11.36\u003c/li\u003e \u003cli\u003eRUGGEDCOM ROS M2100, RMC8388, RS416v2, RS900G, RS900G (32M), RSG900, RSG920P, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions ant\u00e9rieures \u00e0 5.6.0\u003c/li\u003e \u003cli\u003eSINUMERIK MC versions ant\u00e9rieures \u00e0 1.15 SP1\u003c/li\u003e \u003cli\u003eSINUMERIK ONE versions ant\u00e9rieures \u00e0 6.15 SP1\u003c/li\u003e \u003cli\u003eSINEC INS versions ant\u00e9rieures \u00e0 1.0.1.1\u003c/li\u003e \u003cli\u003eRUGGEDCOM ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536 et RX5000 versions ant\u00e9rieures \u00e0 2.15.0\u003c/li\u003e \u003cli\u003ePolarion Subversion Webclient versions ant\u00e9rieures \u00e0 21 R2 P2\u003c/li\u003e \u003cli\u003eRUGGEDCOM ROS i800, i801, i802, i803, M969, M2100, M2200, RMC, RMC20, RMC30, RMC40, RMC41, RMC8388, RP110, RS400, RS401, RS416, RS416v2, RS900 (32M), RS900G, RS900G (32M), RS900GP, RS900L, RS900L, RS900W, RS910, RS910L, RS910W, RS920L, RS920W, RS930L, RS930W, RS940G, RS969, RS8000, RS8000A, RS8000H, RS8000T, RSG900, RSG900C, RSG900G, RSG900R, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P, RSG2100, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2200, RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions ant\u00e9rieures \u00e0 5.6.0\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur ne propose pas de correctif pour :\u003c/p\u003e \u003cul\u003e \u003cli\u003eMendix Applications utilisant Mendix versions 9\u003c/li\u003e \u003cli\u003eSINEC NMS toutes versions\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es dans la section Documentation.\u003c/p\u003e \u003cp\u003e\u0026nbsp;\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44478"
    },
    {
      "name": "CVE-2021-22898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
    },
    {
      "name": "CVE-2020-13871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
    },
    {
      "name": "CVE-2021-42017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42017"
    },
    {
      "name": "CVE-2022-24282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24282"
    },
    {
      "name": "CVE-2021-25215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25215"
    },
    {
      "name": "CVE-2019-19317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19317"
    },
    {
      "name": "CVE-2020-8169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
    },
    {
      "name": "CVE-2021-25174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25174"
    },
    {
      "name": "CVE-2021-22925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
    },
    {
      "name": "CVE-2021-37701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
    },
    {
      "name": "CVE-2021-32944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32944"
    },
    {
      "name": "CVE-2019-19244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19244"
    },
    {
      "name": "CVE-2021-27290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
    },
    {
      "name": "CVE-2021-42020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42020"
    },
    {
      "name": "CVE-2020-8285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
    },
    {
      "name": "CVE-2021-22901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
    },
    {
      "name": "CVE-2021-22940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
    },
    {
      "name": "CVE-2021-32804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
    },
    {
      "name": "CVE-2020-13632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
    },
    {
      "name": "CVE-2022-24281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24281"
    },
    {
      "name": "CVE-2021-32936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32936"
    },
    {
      "name": "CVE-2021-22930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
    },
    {
      "name": "CVE-2019-19926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19926"
    },
    {
      "name": "CVE-2020-9327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
    },
    {
      "name": "CVE-2020-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
    },
    {
      "name": "CVE-2020-7774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
    },
    {
      "name": "CVE-2021-22918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
    },
    {
      "name": "CVE-2020-27304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27304"
    },
    {
      "name": "CVE-2021-32946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32946"
    },
    {
      "name": "CVE-2021-41543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41543"
    },
    {
      "name": "CVE-2020-8177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2021-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
    },
    {
      "name": "CVE-2021-22939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
    },
    {
      "name": "CVE-2019-19646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
    },
    {
      "name": "CVE-2021-40366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40366"
    },
    {
      "name": "CVE-2021-41542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41542"
    },
    {
      "name": "CVE-2021-41541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41541"
    },
    {
      "name": "CVE-2021-22924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
    },
    {
      "name": "CVE-2022-24309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24309"
    },
    {
      "name": "CVE-2020-8265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8265"
    },
    {
      "name": "CVE-2021-37713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
    },
    {
      "name": "CVE-2021-22947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
    },
    {
      "name": "CVE-2019-19925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19925"
    },
    {
      "name": "CVE-2021-22922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
    },
    {
      "name": "CVE-2019-19924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19924"
    },
    {
      "name": "CVE-2021-32938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32938"
    },
    {
      "name": "CVE-2020-11656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
    },
    {
      "name": "CVE-2022-26317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26317"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2021-37712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
    },
    {
      "name": "CVE-2020-8284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
    },
    {
      "name": "CVE-2021-32940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32940"
    },
    {
      "name": "CVE-2021-3711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
    },
    {
      "name": "CVE-2021-37208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37208"
    },
    {
      "name": "CVE-2021-32948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32948"
    },
    {
      "name": "CVE-2021-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
    },
    {
      "name": "CVE-2022-26313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26313"
    },
    {
      "name": "CVE-2021-22921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22921"
    },
    {
      "name": "CVE-2021-25216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25216"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2021-43527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
    },
    {
      "name": "CVE-2019-19242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19242"
    },
    {
      "name": "CVE-2021-22897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
    },
    {
      "name": "CVE-2021-32803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
    },
    {
      "name": "CVE-2021-25177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25177"
    },
    {
      "name": "CVE-2021-25175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25175"
    },
    {
      "name": "CVE-2021-22884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22884"
    },
    {
      "name": "CVE-2021-32952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32952"
    },
    {
      "name": "CVE-2019-19880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19880"
    },
    {
      "name": "CVE-2018-7160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7160"
    },
    {
      "name": "CVE-2021-32950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32950"
    },
    {
      "name": "CVE-2021-3672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3672"
    },
    {
      "name": "CVE-2021-31346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
    },
    {
      "name": "CVE-2022-26314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26314"
    },
    {
      "name": "CVE-2021-31784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31784"
    },
    {
      "name": "CVE-2021-22883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22883"
    },
    {
      "name": "CVE-2020-8231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2021-25214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25214"
    },
    {
      "name": "CVE-2021-22931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
    },
    {
      "name": "CVE-2021-31889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
    },
    {
      "name": "CVE-2022-24408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24408"
    },
    {
      "name": "CVE-2021-42016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42016"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2021-39134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39134"
    },
    {
      "name": "CVE-2019-19645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
    },
    {
      "name": "CVE-2020-11655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
    },
    {
      "name": "CVE-2020-8287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8287"
    },
    {
      "name": "CVE-2021-22926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
    },
    {
      "name": "CVE-2022-24661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24661"
    },
    {
      "name": "CVE-2021-22890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22890"
    },
    {
      "name": "CVE-2021-25219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25219"
    },
    {
      "name": "CVE-2021-23840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
    },
    {
      "name": "CVE-2021-42018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42018"
    },
    {
      "name": "CVE-2021-22923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
    },
    {
      "name": "CVE-2019-19923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19923"
    },
    {
      "name": "CVE-2021-39135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39135"
    },
    {
      "name": "CVE-2021-25176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25176"
    },
    {
      "name": "CVE-2021-31890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
    },
    {
      "name": "CVE-2021-25178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25178"
    },
    {
      "name": "CVE-2021-22876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
    },
    {
      "name": "CVE-2021-23362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23362"
    },
    {
      "name": "CVE-2019-19603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19603"
    },
    {
      "name": "CVE-2021-25217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
    },
    {
      "name": "CVE-2021-25173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25173"
    },
    {
      "name": "CVE-2021-22945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
    },
    {
      "name": "CVE-2022-25311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25311"
    },
    {
      "name": "CVE-2021-31344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31344"
    },
    {
      "name": "CVE-2021-37209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37209"
    },
    {
      "name": "CVE-2021-42019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42019"
    },
    {
      "name": "CVE-2020-8625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8625"
    }
  ],
  "initial_release_date": "2022-03-08T00:00:00",
  "last_revision_date": "2022-03-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-216",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-166747 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-166747.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-252466 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-252466.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-562051 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-562051.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-223353 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-337210 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-337210.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-148641 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-148641.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-389290 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-389290.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-764417 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-764417.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-256353 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-256353.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-703715 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-703715.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-594438 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-594438.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-415938 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-415938.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-134279 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-134279.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-155599 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-155599.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-406691 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-406691.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-250085 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-250085.html"
    }
  ]
}

CERTFR-2021-AVI-943

Vulnerability from certfr_avis - Published: 2021-12-13 - Updated: 2021-12-13

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges, un déni de service à distance et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.13
IBM	Spectrum	IBM Spectrum Protect Client versions 7.1.x antérieures à 7.1.8.12
IBM	Spectrum	IBM Spectrum Protect Client versions 8.1.x antérieures à 8.1.13
IBM	N/A	Rational Developer for i (RDi) RPG and COBOL + Modernization Tools, Java Edition toutes versions
IBM	Spectrum	IBM Spectrum Copy Data Management version 2.2.x antérieures à 2.2.14
IBM	Spectrum	IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.9

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6525034 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6525250 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6525260 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6524712 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6525674 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6524908 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6525554 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6525182 du 10 décembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.13",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Client versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.12",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.13",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Rational Developer for i (RDi) RPG and COBOL + Modernization Tools, Java Edition toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Copy Data Management version 2.2.x ant\u00e9rieures \u00e0 2.2.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.9",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-39154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39154"
    },
    {
      "name": "CVE-2021-21343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
    },
    {
      "name": "CVE-2021-38947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38947"
    },
    {
      "name": "CVE-2021-32027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32027"
    },
    {
      "name": "CVE-2021-21348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
    },
    {
      "name": "CVE-2021-29505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29505"
    },
    {
      "name": "CVE-2021-39146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39146"
    },
    {
      "name": "CVE-2021-33502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
    },
    {
      "name": "CVE-2020-13956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2020-26258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26258"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2021-22940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
    },
    {
      "name": "CVE-2020-10683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
    },
    {
      "name": "CVE-2021-21344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2021-22930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
    },
    {
      "name": "CVE-2021-39149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39149"
    },
    {
      "name": "CVE-2021-39065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39065"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2020-26259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26259"
    },
    {
      "name": "CVE-2021-39139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39139"
    },
    {
      "name": "CVE-2021-21341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2021-39064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39064"
    },
    {
      "name": "CVE-2021-39054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39054"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2021-35516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
    },
    {
      "name": "CVE-2021-39147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39147"
    },
    {
      "name": "CVE-2021-39152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39152"
    },
    {
      "name": "CVE-2021-22939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2021-33197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2021-39145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39145"
    },
    {
      "name": "CVE-2021-37713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
    },
    {
      "name": "CVE-2021-35517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
    },
    {
      "name": "CVE-2021-35065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
    },
    {
      "name": "CVE-2020-14314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
    },
    {
      "name": "CVE-2021-39144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39144"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2021-37712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2021-3711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
    },
    {
      "name": "CVE-2021-21347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2021-36090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
    },
    {
      "name": "CVE-2020-26217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26217"
    },
    {
      "name": "CVE-2021-39151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39151"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2020-14385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
    },
    {
      "name": "CVE-2021-21346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2021-39148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39148"
    },
    {
      "name": "CVE-2021-21351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
    },
    {
      "name": "CVE-2021-21345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
    },
    {
      "name": "CVE-2021-36221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2021-33909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
    },
    {
      "name": "CVE-2021-34558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
    },
    {
      "name": "CVE-2021-3715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2021-32028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32028"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2021-29923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
    },
    {
      "name": "CVE-2019-10172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
    },
    {
      "name": "CVE-2021-39052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39052"
    },
    {
      "name": "CVE-2021-39150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39150"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2021-22931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
    },
    {
      "name": "CVE-2021-21349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2021-39134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39134"
    },
    {
      "name": "CVE-2021-39140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39140"
    },
    {
      "name": "CVE-2021-39058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39058"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2021-39153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39153"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2021-21342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
    },
    {
      "name": "CVE-2021-23368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23368"
    },
    {
      "name": "CVE-2021-39135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39135"
    },
    {
      "name": "CVE-2021-35515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
    },
    {
      "name": "CVE-2021-29060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29060"
    },
    {
      "name": "CVE-2021-32029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32029"
    },
    {
      "name": "CVE-2021-21350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2020-7656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2021-39053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39053"
    },
    {
      "name": "CVE-2021-33195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2021-39141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39141"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "initial_release_date": "2021-12-13T00:00:00",
  "last_revision_date": "2021-12-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-943",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges, un\nd\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance\n(XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6525034 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6525034"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6525250 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6525250"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6525260 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6525260"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6524712 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6524712"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6525674 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6525674"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6524908 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6524908"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6525554 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6525554"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6525182 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6525182"
    }
  ]
}

CERTFR-2021-AVI-881

Vulnerability from certfr_avis - Published: 2021-11-17 - Updated: 2021-11-17

De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	WebSphere	IBM Rational Application Developer pour WebSphere Software versions antérieures à 9.6
IBM	N/A	IBM App Connect Professional versions antérieures à 7.5.2.0
IBM	WebSphere	IBM WebSphere Cast Iron versions antérieures à 7.5.0.0
IBM	WebSphere	IBM Rational Application Developer pour WebSphere Software versions antérieures à 9.7
IBM	N/A	IBM App Connect Professional versions antérieures à 7.5.5.0
IBM	WebSphere	IBM WebSphere Cast Iron versions antérieures à 7.5.1.0
IBM	N/A	IBM App Connect Professional versions antérieures à 7.5.3.0
IBM	WebSphere	IBM WebSphere Cast Iron versions antérieures à 7.5.0.1
IBM	N/A	IBM App Connect Professional versions antérieures à 7.5.4.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6516646 du 16 novembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6516792 du 16 novembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Rational Application Developer pour WebSphere Software versions ant\u00e9rieures \u00e0 9.6",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM App Connect Professional versions ant\u00e9rieures \u00e0 7.5.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Cast Iron versions ant\u00e9rieures \u00e0 7.5.0.0",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Application Developer pour WebSphere Software versions ant\u00e9rieures \u00e0 9.7",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM App Connect Professional versions ant\u00e9rieures \u00e0 7.5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Cast Iron versions ant\u00e9rieures \u00e0 7.5.1.0",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM App Connect Professional versions ant\u00e9rieures \u00e0 7.5.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Cast Iron versions ant\u00e9rieures \u00e0 7.5.0.1",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM App Connect Professional versions ant\u00e9rieures \u00e0 7.5.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-2432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
    },
    {
      "name": "CVE-2021-2369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
    },
    {
      "name": "CVE-2021-2388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
    },
    {
      "name": "CVE-2021-39134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39134"
    }
  ],
  "initial_release_date": "2021-11-17T00:00:00",
  "last_revision_date": "2021-11-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-881",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6516646 du 16 novembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6516646"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6516792 du 16 novembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6516792"
    }
  ]
}

GSD-2021-39134

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-39134

Aliases

CVE-2021-39134

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-39134",
    "description": "`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist\u0027s internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `\"foo\": \"file:/some/path\"`. Another package, `pwn-b` could define a dependency such as `FOO: \"file:foo.tgz\"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above.",
    "id": "GSD-2021-39134",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-39134.html",
      "https://advisories.mageia.org/CVE-2021-39134.html",
      "https://security.archlinux.org/CVE-2021-39134"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-39134"
      ],
      "details": "`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist\u0027s internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `\"foo\": \"file:/some/path\"`. Another package, `pwn-b` could define a dependency such as `FOO: \"file:foo.tgz\"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above.",
      "id": "GSD-2021-39134",
      "modified": "2023-12-13T01:23:15.623322Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-39134",
        "STATE": "PUBLIC",
        "TITLE": "UNIX Symbolic Link (Symlink) Following in @npmcli/arborist"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "arborist",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 2.8.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "npm"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist\u0027s internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `\"foo\": \"file:/some/path\"`. Another package, `pwn-b` could define a dependency such as `FOO: \"file:foo.tgz\"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc",
            "refsource": "CONFIRM",
            "url": "https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc"
          },
          {
            "name": "https://www.npmjs.com/package/@npmcli/arborist",
            "refsource": "MISC",
            "url": "https://www.npmjs.com/package/@npmcli/arborist"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-2h3h-q99f-3fhc",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.8.2",
          "affected_versions": "All versions before 2.8.2",
          "cvss_v2": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-178",
            "CWE-937"
          ],
          "date": "2022-08-12",
          "description": "`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.",
          "fixed_versions": [
            "2.8.2"
          ],
          "identifier": "CVE-2021-39134",
          "identifiers": [
            "CVE-2021-39134",
            "GHSA-2h3h-q99f-3fhc"
          ],
          "not_impacted": "All versions starting from 2.8.2",
          "package_slug": "npm/@npmcli/arborist",
          "pubdate": "2021-08-31",
          "solution": "Upgrade to version 2.8.2 or above.",
          "title": "UNIX Symbolic Link (Symlink) Following",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-39134",
            "https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc",
            "https://www.npmjs.com/package/@npmcli/arborist",
            "https://www.oracle.com/security-alerts/cpuoct2021.html"
          ],
          "uuid": "0caee093-f7f8-410a-bf70-4894562743c2"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:npmjs:arborist:*:*:*:*:*:node.js:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.8.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.20.7",
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-39134"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist\u0027s internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `\"foo\": \"file:/some/path\"`. Another package, `pwn-b` could define a dependency such as `FOO: \"file:foo.tgz\"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-178"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc"
            },
            {
              "name": "https://www.npmjs.com/package/@npmcli/arborist",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://www.npmjs.com/package/@npmcli/arborist"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-08-12T17:49Z",
      "publishedDate": "2021-08-31T17:15Z"
    }
  }
}

GHSA-2H3H-Q99F-3FHC

Vulnerability from github – Published: 2021-08-31 16:04 – Updated: 2022-08-15 20:08

Summary

@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following

Details

Impact

Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.

This is, in part, accomplished by resolving dependency specifiers defined in package.json manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies.

When multiple dependencies differ only in the case of their name, Arborist's internal data structure saw them as separate items that could coexist within the same level in the node_modules hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as file:/some/path, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem.

For example, a package pwn-a could define a dependency in their package.json file such as "foo": "file:/some/path". Another package, pwn-b could define a dependency such as FOO: "file:foo.tgz". On case-insensitive file systems, if pwn-a was installed, and then pwn-b was installed afterwards, the contents of foo.tgz would be written to /some/path, and any existing contents of /some/path would be removed.

Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected.

Patches

2.8.2 (included in npm v7.20.7 and above)

Fix and Caveats

There are two parts to the fix:

Immediately prior to extraction, if the target folder is not a directory, it is moved aside. (If the installation fails, filesystem entries moved aside in this manner are moved back as part of the rollback process.)
The children map that represents child nodes in the tree is replaced with a case-insensitive map object, such that node.children.get('foo') and node.children.get('FOO') will return the same object, enabling Arborist to detect and handle this class of tree collision.

This second item imposes a caveat on case sensitive filesystems where two packages with names which differ only in case may already exist at the same level in the tree, causing unpredictable behavior in this rare edge case. Note that in such cases, the package-lock.json already creates a situation which is hazardous to use on case-sensitive filesystems, and will likely lead to other problems.

If affected by this caveat, please run npm update to rebuild your tree and generate a new package-lock.json file.

Severity ?

8.2 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@npmcli/arborist"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-39134"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-178",
      "CWE-59",
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-31T16:02:46Z",
    "nvd_published_at": "2021-08-31T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nArbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution\n\n`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.\n\nThis is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies.\n\nWhen multiple dependencies differ only in the case of their name, Arborist\u0027s internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy.  However, on case-insensitive file systems (such as macOS and Windows), this is not the case.  Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem.\n\nFor example, a package `pwn-a` could define a dependency in their `package.json` file such as `\"foo\": \"file:/some/path\"`.  Another package, `pwn-b` could define a dependency such as `FOO: \"file:foo.tgz\"`.  On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed.\n\nAnyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected.\n\n### Patches\n\n2.8.2 (included in npm v7.20.7 and above)\n\n### Fix and Caveats\n\nThere are two parts to the fix:\n\n1. Immediately prior to extraction, if the target folder is not a directory, it is moved aside.  (If the installation fails, filesystem entries moved aside in this manner are moved back as part of the rollback process.)\n2. The `children` map that represents child nodes in the tree is replaced with a case-insensitive map object, such that `node.children.get(\u0027foo\u0027)` and `node.children.get(\u0027FOO\u0027)` will return the same object, enabling Arborist to detect and handle this class of tree collision.\n\nThis second item imposes a caveat on case _sensitive_ filesystems where two packages with names which differ only in case may already exist at the same level in the tree, causing unpredictable behavior in this rare edge case.  Note that in such cases, the `package-lock.json` already creates a situation which is hazardous to use on case-sensitive filesystems, and will likely lead to other problems.\n\nIf affected by this caveat, please run `npm update` to rebuild your tree and generate a new `package-lock.json` file.",
  "id": "GHSA-2h3h-q99f-3fhc",
  "modified": "2022-08-15T20:08:31Z",
  "published": "2021-08-31T16:04:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39134"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/npm/arborist"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/@npmcli/arborist"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-39134 (GCVE-0-2021-39134)

FKIE_CVE-2021-39134

CERTFR-2022-AVI-216

Solution

CERTFR-2021-AVI-943

Solution

CERTFR-2021-AVI-881

Solution

GSD-2021-39134

GHSA-2H3H-Q99F-3FHC

Impact

Patches

Fix and Caveats

Tags

Sightings

Nomenclature