CVE-2021-41033
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.
En todas las versiones liberadas de Eclipse Equinox, al menos hasta la versión 4.21 (septiembre de 2021), la instalación puede ser vulnerable a un ataque de tipo man-in-the-middle si se usan repos p2 que son HTTP; esto puede entonces ser explotado para servir metadatos p2 incorrectos y alterar por completo la instalación local, particularmente mediante la instalación de plug-ins que luego pueden ejecutar código malicioso
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-09-13 CVE Reserved
- 2021-09-13 CVE Published
- 2024-05-29 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-300: Channel Accessible by Non-Endpoint
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.eclipse.org/bugs/show_bug.cgi?id=575688 | 2021-09-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Eclipse Search vendor "Eclipse" | Equinox Search vendor "Eclipse" for product "Equinox" | < 4.21 Search vendor "Eclipse" for product "Equinox" and version " < 4.21" | - |
Affected
| ||||||
| Eclipse Search vendor "Eclipse" | Equinox Search vendor "Eclipse" for product "Equinox" | 4.21 Search vendor "Eclipse" for product "Equinox" and version "4.21" | - |
Affected
| ||||||