CVE-2020-27221 (GCVE-0-2020-27221)
Vulnerability from cvelistv5 – Published: 2021-01-21 04:55 – Updated: 2024-08-04 16:11
CWE-121 - Stack-based Buffer Overflow
| Vendor | Product | Version |
|---|---|---|
| The Eclipse Foundation | Eclipse OpenJ9 | Affected: unspecified, ≤ 0.23 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:35.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eclipse OpenJ9",
"vendor": "The Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "0.23",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T18:39:09.000Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2020-27221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse OpenJ9",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "0.23"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2020-27221",
"datePublished": "2021-01-21T04:55:11.000Z",
"dateReserved": "2020-10-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:11:35.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2021-AVI-310
Vulnerability from certfr_avis - Published: 2021-04-23 - Updated: 2021-04-23
Multiple vulnerabilities have been discovered in IBM Db2. They allow an attacker to cause remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

| Vendor | Product | Description |
|---|---|---|
| IBM | Db2 | IBM Db2 versions 9.7 prior to FP11 without the latest fix and IBM JDK versions prior to 7.0.10.80 |
| IBM | Db2 | IBM Db2 versions 11.1 prior to 11.1.4 FP6 without the latest fix and IBM JDK versions prior to 8.0.6.25 |
| IBM | Db2 | IBM Db2 versions 10.5 prior to FP11 without the latest fix and IBM JDK versions prior to 7.0.10.80 |
| IBM | Db2 | IBM Db2 versions 11.5 prior to 11.5.5 FP1 without the latest fix and IBM JDK versions prior to 8.0.6.25 |
| IBM | Db2 | IBM Db2 versions 10.1 prior to FP6 without the latest fix and IBM JDK versions prior to 7.0.10.80 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Db2 versions 9.7 ant\u00e9rieures \u00e0 FP11 sans le dernier correctif et IBM JDK version ant\u00e9rieures \u00e0 7.0.10.80",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.1 ant\u00e9rieures \u00e0 11.1.4 FP6 sans le dernier correctif et IBM JDK version ant\u00e9rieures \u00e0 8.0.6.25",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 10.5 ant\u00e9rieures \u00e0 FP11 sans le dernier correctif et et IBM JDK version ant\u00e9rieures \u00e0 7.0.10.80",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.5 ant\u00e9rieures \u00e0 11.5.5 FP1 sans le dernier correctif et IBM JDK version ant\u00e9rieures \u00e0 8.0.6.25",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 10.1 ant\u00e9rieures \u00e0 FP6 sans le dernier correctif et IBM JDK version ant\u00e9rieures \u00e0 7.0.10.80",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-4739",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4739"
},
{
"name": "CVE-2020-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27221"
}
],
"initial_release_date": "2021-04-23T00:00:00",
"last_revision_date": "2021-04-23T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-310",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Db2. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Db2",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6446219 du 22 avril 2021",
"url": "https://www.ibm.com/support/pages/node/6446219"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6446277 du 22 avril 2021",
"url": "https://www.ibm.com/support/pages/node/6446277"
}
]
}
CERTFR-2021-AVI-210
Vulnerability from certfr_avis - Published: 2021-03-22 - Updated: 2021-03-22
Multiple vulnerabilities have been discovered in IBM products. They allow an attacker to cause arbitrary code execution, a remote denial of service and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

| Vendor | Product | Description |
|---|---|---|
| IBM | N/A | App Connect Professional version 7.5.2.0 without the latest fix (7520) |
| IBM | Db2 | IBM Db2 versions 10.5 prior to V10.5 FP11 without the latest security fix |
| IBM | Db2 | IBM Db2 versions 10.1 prior to 10.1 FP6 without the latest security fix |
| IBM | Db2 | IBM Db2 versions 9.7 prior to 9.7 FP11 without the latest security fix |
| IBM | Db2 | IBM Db2 versions 11.1 prior to 11.1.4 FP6 |
| IBM | Db2 | IBM Db2 versions 11.5 prior to V11.5.5 without the latest security fix |
| IBM | N/A | App Connect Professional version 7.5.3.0 without the latest fix (7530) |
| IBM | WebSphere | IBM WebSphere Cast Iron Solution version 7.5.0.0, 7.5.0.1 and 7.5.1.0 without the latest fix (7510) |
| IBM | N/A | App Connect Professional version 7.5.4.0 without the latest fix (7540) |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "App Connect Professional version 7.5.2.0 sans le dernier correctif (7520)",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 10.5 ant\u00e9rieures \u00e0 V10.5 FP11 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 10.1 ant\u00e9rieures \u00e0 10.1 FP6 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 9.7 ant\u00e9rieures \u00e0 9.7 FP11 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.1 ant\u00e9rieures \u00e0 11.1.4 FP6",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.5 ant\u00e9rieures \u00e0 V11.5.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "App Connect Professional version 7.5.3.0 sans le dernier correctif (7530)",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Cast Iron Solution version 7.5.0.0, 7.5.0.1 et 7.5.1.0 sans le dernier correctif (7510)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "App Connect Professional version 7.5.4.0 sans le dernier correctif (7540)",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2020-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27221"
},
{
"name": "CVE-2020-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5025"
},
{
"name": "CVE-2020-5024",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5024"
}
],
"initial_release_date": "2021-03-22T00:00:00",
"last_revision_date": "2021-03-22T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-210",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6427855 du 19 mars 2021",
"url": "https://www.ibm.com/support/pages/node/6427855"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6427861 du 19 mars 2021",
"url": "https://www.ibm.com/support/pages/node/6427861"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6434163 du 19 mars 2021",
"url": "https://www.ibm.com/support/pages/node/6434163"
}
]
}
CERTFR-2021-AVI-395
Vulnerability from certfr_avis - Published: 2021-05-21 - Updated: 2021-05-21
Multiple vulnerabilities have been discovered in IBM Spectrum Control. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Versions ant\u00e9rieures \u00e0 5.4.3",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-21343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
},
{
"name": "CVE-2021-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
},
{
"name": "CVE-2021-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
},
{
"name": "CVE-2021-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2020-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27221"
},
{
"name": "CVE-2021-21347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2021-21346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
},
{
"name": "CVE-2021-21351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
},
{
"name": "CVE-2021-21345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2021-22884",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22884"
},
{
"name": "CVE-2021-22883",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22883"
},
{
"name": "CVE-2021-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2021-26296",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26296"
},
{
"name": "CVE-2021-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
},
{
"name": "CVE-2021-21350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
},
{
"name": "CVE-2020-5258",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5258"
}
],
"initial_release_date": "2021-05-21T00:00:00",
"last_revision_date": "2021-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-395",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Spectrum\nControl. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Spectrum Control",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6454803 du 20 mai 2021",
"url": "https://www.ibm.com/support/pages/node/6454803"
}
]
}
CERTFR-2021-AVI-119
Vulnerability from certfr_avis - Published: 2021-02-12 - Updated: 2021-02-12
Multiple vulnerabilities have been discovered in IBM SDK Java Technology Edition. They allow an attacker to cause remote arbitrary code execution and a compromise of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

| Vendor | Product | Description |
|---|---|---|
| IBM | N/A | IBM SDK Java Technology Edition versions 7.0.x prior to 7.0.10.80 |
| IBM | N/A | IBM SDK Java Technology Edition versions 8.0.x prior to 8.0.6.25 |
| IBM | N/A | IBM SDK Java Technology Edition versions 11.0.x prior to 11.0.10.0 |
| IBM | N/A | IBM SDK Java Technology Edition versions 7.1.x prior to 7.1.4.80 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM SDK Java Technology Edition versions 7.0.x ant\u00e9rieures \u00e0 7.0.10.80",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM SDK Java Technology Edition versions 8.0.x ant\u00e9rieures \u00e0 8.0.6.25",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM SDK Java Technology Edition versions 11.0.x ant\u00e9rieures \u00e0 11.0.10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM SDK Java Technology Edition versions 7.1.x ant\u00e9rieures \u00e0 7.1.4.80",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2020-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27221"
}
],
"initial_release_date": "2021-02-12T00:00:00",
"last_revision_date": "2021-02-12T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-119",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM SDK Java\nTechnology Edition. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM SDK Java Technology Edition",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6414721 du 11 f\u00e9vrier 2021",
"url": "https://www.ibm.com/support/pages/node/6414721"
}
]
}
CERTFR-2022-AVI-259
Vulnerability from certfr_avis - Published: 2022-03-21 - Updated: 2022-03-21
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Server versions 8.1.14.x ant\u00e9rieures \u00e0 8.1.14.100",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Control Center version 6.2.0.0 sans le correctif iFix07",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Control Center version 6.1.3.0 sans le correctif iFix12",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2022-22394",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22394"
},
{
"name": "CVE-2020-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27221"
}
],
"initial_release_date": "2022-03-21T00:00:00",
"last_revision_date": "2022-03-21T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-259",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6564745 du 18 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6564745"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6564757 du 18 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6564757"
}
]
}
CERTFR-2021-AVI-254
Vulnerability from certfr_avis - Published: 2021-04-14 - Updated: 2021-04-14
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

| Vendor | Product | Description |
|---|---|---|
| IBM | Tivoli | IBM Tivoli Composite Application Manager (ITCAM) for Transactions versions 7.4.0.x prior to 7.4.0.1 with fix IF0052 |
| IBM | N/A | InfoSphere Information Server on Cloud versions prior to 11.7.1.1 or 11.7.1.0 with the Fix Pack 1 fix |
| IBM | Tivoli | IBM Tivoli Application Dependency Discovery Manager versions 7.3.0.x in the latest fix |
| IBM | N/A | InfoSphere Information Server versions prior to 11.7.1.1 or 11.7.1.0 with the Fix Pack 1 fix |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Tivoli Composite Application Manager (ITCAM) for Transactions versions 7.4.0.x ant\u00e9rieures \u00e0 7.4.0.1 avec le correctif IF0052",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "InfoSphere Information Server on Cloud versions ant\u00e9rieures \u00e0 11.7.1.1 ou 11.7.1.0 avec le correctif Fix Pack 1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Application Dependency Discovery Manager versions 7.3.0.x dans le dernier correctif",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "InfoSphere Information Server versions ant\u00e9rieures \u00e0 11.7.1.1 ou 11.7.1.0 avec le correctif Fix Pack 1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-2654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2654"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2019-2978",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2978"
},
{
"name": "CVE-2019-2945",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2945"
},
{
"name": "CVE-2019-2958",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2958"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2019-2987",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2987"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2019-2988",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2988"
},
{
"name": "CVE-2020-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2601"
},
{
"name": "CVE-2020-2593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2593"
},
{
"name": "CVE-2020-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27221"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2021-25329",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25329"
},
{
"name": "CVE-2020-2778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2778"
},
{
"name": "CVE-2019-2962",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2962"
},
{
"name": "CVE-2019-2981",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2981"
},
{
"name": "CVE-2019-2989",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2989"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2019-2933",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2933"
},
{
"name": "CVE-2020-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2583"
},
{
"name": "CVE-2019-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2964"
},
{
"name": "CVE-2021-25122",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25122"
},
{
"name": "CVE-2019-2999",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2999"
},
{
"name": "CVE-2020-2604",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2604"
},
{
"name": "CVE-2019-2949",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2949"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2020-2816",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2816"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2020-2655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2655"
},
{
"name": "CVE-2019-2894",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2894"
},
{
"name": "CVE-2020-2590",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2590"
},
{
"name": "CVE-2020-2767",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2767"
},
{
"name": "CVE-2019-2992",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2992"
},
{
"name": "CVE-2019-2973",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2973"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2019-2977",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2977"
},
{
"name": "CVE-2019-2983",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2983"
},
{
"name": "CVE-2019-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2975"
}
],
"initial_release_date": "2021-04-14T00:00:00",
"last_revision_date": "2021-04-14T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-254",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6436421 du 01 avril 2021",
"url": "https://www.ibm.com/support/pages/node/6436421"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6440909 du 07 avril 2021",
"url": "https://www.ibm.com/support/pages/node/6440909"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6442857 du 13 avril 2021",
"url": "https://www.ibm.com/support/pages/node/6442857"
}
]
}
CERTFR-2021-AVI-408
Vulnerability from certfr_avis - Published: 2021-05-27 - Updated: 2021-05-27
A vulnerability has been discovered in IBM Spectrum Protect Snapshot. It allows an attacker to cause remote arbitrary code execution and a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Snapshot versions 8.1.x ant\u00e9rieures \u00e0 8.1.11.1",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Snapshot versions 4.1.x ant\u00e9rieures \u00e0 4.1.6.5",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27221"
}
],
"initial_release_date": "2021-05-27T00:00:00",
"last_revision_date": "2021-05-27T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-408",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans IBM Spectrum Protect Snapshot.\nElle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans IBM Spectrum Protect Snapshot",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6445459 du 26 mai 2021",
"url": "https://www.ibm.com/support/pages/node/6445459"
}
]
}
CERTFR-2021-AVI-489
Vulnerability from certfr_avis - Published: 2021-06-28 - Updated: 2021-06-28
Multiple vulnerabilities have been discovered in IBM Spectrum Protect. They allow an attacker to cause remote arbitrary code execution, a denial of service and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

| Vendor | Product | Description |
|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client versions 7.1.x prior to 7.1.8.11 |
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments versions 8.1.x prior to 8.1.12 |
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client versions 8.1.x prior to 8.1.12 |
| IBM | Spectrum | IBM Spectrum Protect for Virtual Environments versions 7.1.x prior to 7.1.8.11 |
| IBM | Spectrum | IBM Spectrum Protect for Space Management versions 8.1.x prior to 8.1.12 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Client IBM Spectrum Protect Backup-Archive versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.11",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments versions 8.1.x ant\u00e9rieures \u00e0 8.1.12",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Client IBM Spectrum Protect Backup-Archive versions 8.1.x ant\u00e9rieures \u00e0 8.1.12",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.11",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.12",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27221"
},
{
"name": "CVE-2021-29672",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29672"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2021-20546",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20546"
}
],
"initial_release_date": "2021-06-28T00:00:00",
"last_revision_date": "2021-06-28T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-489",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Spectrum\nProtect. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Spectrum Protect",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6445497 du 25 juin 2021",
"url": "https://www.ibm.com/support/pages/node/6445497"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6445483 du 25 juin 2021",
"url": "https://www.ibm.com/support/pages/node/6445483"
}
]
}
CERTFR-2021-AVI-467
Vulnerability from certfr_avis - Published: 2021-06-16 - Updated: 2021-06-16
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a denial of service and a data integrity compromise.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect for Space Management versions 7.1.x prior to 7.1.8.11 |
| IBM | Spectrum | IBM Spectrum Protect Snapshot for VMware versions 4.1.x prior to 4.1.6.12 |
| IBM | Db2 | IBM Db2 versions 11.1 prior to 11.1.4FP6 |
| IBM | Db2 | IBM Db2 versions 11.5 prior to 11.5.5FP1 |
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client versions 7.1.x prior to 7.1.8.11 |
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client versions 8.1.x prior to 8.1.12 |
| IBM | N/A | IBM Security Identity Manager versions 6.0.2 prior to 6.0.2-ISS-SIM-IF0003 |
| IBM | Spectrum | IBM Spectrum Protect for Space Management versions 8.1.x prior to 8.1.12 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect for Space Management versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.11",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Snapshot for VMware versions 4.1.x ant\u00e9rieures \u00e0 4.1.6.12",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.1 ant\u00e9rieures \u00e0 11.1.4FP6",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 11.5 ant\u00e9rieures \u00e0 11.5.5FP1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Backup-Archive Client versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.11",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Backup-Archive Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.12",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Security Identity Manager versions 6.0.2 ant\u00e9rieures \u00e0 6.0.2-ISS-SIM-IF0003",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.12",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-20483",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20483"
},
{
"name": "CVE-2021-20488",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20488"
},
{
"name": "CVE-2020-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27221"
},
{
"name": "CVE-2021-29672",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29672"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2021-20546",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20546"
},
{
"name": "CVE-2021-29702",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29702"
}
],
"initial_release_date": "2021-06-16T00:00:00",
"last_revision_date": "2021-06-16T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-467",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6463985 du 15 juin 2021",
"url": "https://www.ibm.com/support/pages/node/6463985"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6464081 du 15 juin 2021",
"url": "https://www.ibm.com/support/pages/node/6464081"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6445497 du 14 juin 2021",
"url": "https://www.ibm.com/support/pages/node/6445497"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6463165 du 14 juin 2021",
"url": "https://www.ibm.com/support/pages/node/6463165"
}
]
}
CNVD-2021-08893
Vulnerability from cnvd - Published: 2021-02-03
The vendor has released a fix for this vulnerability; watch for updates: https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763
| Name | Eclipse OpenJ9 <0.23 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-27221",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-27221"
}
},
"description": "Eclipse OpenJ9\u662fEclipse\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3eJava\u5e94\u7528\u7a0b\u5e8f\u5f15\u64ce\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u8fd0\u884cJava\u5e94\u7528\u7a0b\u5e8f\u3002\n\nEclipse OpenJ9 0.23\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u865a\u62df\u673a\u6216JNI\u539f\u751f\u673a\u5c06UTF-8\u5b57\u7b26\u8f6c\u6362\u4e3a\u5e73\u53f0\u7f16\u7801\u65f6\uff0c\u53ef\u80fd\u4f1a\u51fa\u73b0\u57fa\u4e8e\u5806\u6808\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://bugs.eclipse.org/bugs/show_bug.cgi?id=569763",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-08893",
"openTime": "2021-02-03",
"patchDescription": "Eclipse OpenJ9\u662fEclipse\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3eJava\u5e94\u7528\u7a0b\u5e8f\u5f15\u64ce\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u8fd0\u884cJava\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nEclipse OpenJ9 0.23\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u865a\u62df\u673a\u6216JNI\u539f\u751f\u673a\u5c06UTF-8\u5b57\u7b26\u8f6c\u6362\u4e3a\u5e73\u53f0\u7f16\u7801\u65f6\uff0c\u53ef\u80fd\u4f1a\u51fa\u73b0\u57fa\u4e8e\u5806\u6808\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Eclipse OpenJ9\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-08893\uff09\u7684\u8865\u4e01",
"products": {
"product": "Eclipse OpenJ9 \u003c0.23"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-27221",
"serverity": "\u9ad8",
"submitTime": "2021-01-22",
"title": "Eclipse OpenJ9\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-08893\uff09"
}
FKIE_CVE-2020-27221
Vulnerability from fkie_nvd - Published: 2021-01-21 05:15 - Updated: 2024-11-21 05:20
| Source | URL | Tags |
|---|---|---|
| emo@eclipse.org | https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763 | Issue Tracking, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763 | Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE20D12-8EDF-437A-B6D7-950C495A520E",
"versionEndIncluding": "0.23.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding."
},
{
"lang": "es",
"value": "En Eclipse OpenJ9 hasta la versi\u00f3n 0.23 incluy\u00e9ndola, se presenta un potencial desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria cuando la m\u00e1quina virtual o nativas de JNI est\u00e1n convirtiendo caracteres UTF-8 a la codificaci\u00f3n de plataforma"
}
],
"id": "CVE-2020-27221",
"lastModified": "2024-11-21T05:20:53.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-21T05:15:10.600",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2020-27221
Vulnerability from gsd - Updated: 2023-12-13 01:22
{
"GSD": {
"alias": "CVE-2020-27221",
"description": "In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.",
"id": "GSD-2020-27221",
"references": [
"https://www.suse.com/security/cve/CVE-2020-27221.html",
"https://access.redhat.com/errata/RHSA-2021:0736",
"https://access.redhat.com/errata/RHSA-2021:0733",
"https://access.redhat.com/errata/RHSA-2021:0717"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-27221"
],
"details": "In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.",
"id": "GSD-2020-27221",
"modified": "2023-12-13T01:22:11.399941Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2020-27221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse OpenJ9",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "0.23"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.23.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2020-27221"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-03-02T21:09Z",
"publishedDate": "2021-01-21T05:15Z"
}
}
}
CVE-2020-27221
Vulnerability from fstec - Published: 21.01.2021
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Eclipse Foundation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 0.23.0 (Eclipse OpenJ9)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://bugs.eclipse.org/bugs/show_bug.cgi?id=569763",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.01.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "09.02.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00642",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-27221",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Eclipse OpenJ9",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b Eclipse OpenJ9, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0441 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u043e\u0439 UTF-8, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0441\u0442\u0435\u043a\u0435 (CWE-121)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b Eclipse OpenJ9 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0441 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u043e\u0439 UTF-8. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763\nhttps://www.cybersecurity-help.cz/vdb/SB2021012130",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-121",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
GHSA-768G-GF3V-34VM
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2024-04-04 03:04
In Eclipse OpenJ9 up to version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
{
"affected": [],
"aliases": [
"CVE-2020-27221"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-21T05:15:00Z",
"severity": "CRITICAL"
},
"details": "In Eclipse OpenJ9 up to version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.",
"id": "GHSA-768g-gf3v-34vm",
"modified": "2024-04-04T03:04:15Z",
"published": "2022-05-24T17:40:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27221"
},
{
"type": "WEB",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.