CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20578
https://notcve.org/view.php?id=CVE-2021-20578
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282. IBM Cloud Pak for Security (CP4S) versiones 1.7.0.0, 1.7.1.0, 1.7.2.0 y 1.8.0.0, podría permitir a un atacante llevar a cabo acciones no autorizadas debido a controles de autenticación inapropiados o ausentes. IBM X-Force ID: 199282 • https://exchange.xforce.ibmcloud.com/vulnerabilities/199282 https://www.ibm.com/support/pages/node/6493729 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3703 – serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196
https://notcve.org/view.php?id=CVE-2021-3703
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0. Se ha detectado que las vulnerabilidades CVE-2021-27918, CVE-2021-31525 y CVE-2021-33196 se han mencionado incorrectamente como corregidas en RHSA para Serverless versión 1.16.0 y Serverless client kn versión 1.16.0. Estos han sido corregidos con Serverless versión 1.17.0. CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed for Serverless 1.16.0 and Serverless client kn 1.16.0. • https://access.redhat.com/security/cve/CVE-2021-3703 https://bugzilla.redhat.com/show_bug.cgi?id=1992955 •
CVSS: 5.9EPSS: 0%CPEs: 22EXPL: 0CVE-2021-3597 – undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS
https://notcve.org/view.php?id=CVE-2021-3597
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. Se ha encontrado un fallo en Undertow. • https://bugzilla.redhat.com/show_bug.cgi?id=1970930 https://security.netapp.com/advisory/ntap-20220804-0003 https://access.redhat.com/security/cve/CVE-2021-3597 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2021-3690 – undertow: buffer leak on incoming websocket PONG message may lead to DoS
https://notcve.org/view.php?id=CVE-2021-3690
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability. Se ha encontrado un fallo en Undertow. • https://access.redhat.com/security/cve/CVE-2021-3690 https://bugzilla.redhat.com/show_bug.cgi?id=1991299 https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877 https://issues.redhat.com/browse/UNDERTOW-1935 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2021-3642 – wildfly-elytron: possible timing attack in ScramServer
https://notcve.org/view.php?id=CVE-2021-3642
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. Se ha detectado un fallo en Wildfly Elytron en versiones anteriores a 1.10.14.Final, en versiones anteriores a la 1.15.5.Final y en versiones anteriores a la 1.16.1.Final donde ScramServer puede ser susceptible a Timing Attack si está habilitado. La mayor amenaza de esta vulnerabilidad es la confidencialidad. A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. • https://bugzilla.redhat.com/show_bug.cgi?id=1981407 https://access.redhat.com/security/cve/CVE-2021-3642 • CWE-203: Observable Discrepancy •