VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-4w3t-um11-aaah

Essentials
Severities (107)
References (40)
Severity details (30)
Exploits (1)
EPSS
History (0)

Vulnerability ID	VCID-4w3t-um11-aaah
Aliases	CVE-2017-5637 GHSA-7cwj-j333-x7f7
Summary	Missing Authentication for Critical Function Two `wchp` and `wchc` commands are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests.
Status	Published
Exploitability	2.0
Weighted Severity	9.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-400	Uncontrolled Resource Consumption
CWE-306	Missing Authentication for Critical Function
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-20	Improper Input Validation

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5637.html
rhas	Important	https://access.redhat.com/errata/RHSA-2017:2477
rhas	Moderate	https://access.redhat.com/errata/RHSA-2017:3354
rhas	Moderate	https://access.redhat.com/errata/RHSA-2017:3355
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5637.json
epss	0.04537	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.04537	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.04537	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.04537	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.04537	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.04537	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.04537	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.04537	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.04537	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.04537	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.06498	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.06498	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.06498	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.06498	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.16211	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.19977	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
epss	0.34879	https://api.first.org/data/v1/epss?cve=CVE-2017-5637
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1454808
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5637
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-7cwj-j333-x7f7
cvssv3.1	7.5	https://issues.apache.org/jira/browse/ZOOKEEPER-2693
generic_textual	HIGH	https://issues.apache.org/jira/browse/ZOOKEEPER-2693
cvssv3.1	5.3	https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
cvssv3.1	8.1	https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
cvssv3.1	7.5	https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E
cvssv3.1	9.8	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
generic_textual	CRITICAL	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
cvssv3.1	6.1	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
cvssv3.1	9.8	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
generic_textual	CRITICAL	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
cvssv3.1	6.1	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2017-5637
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2017-5637
cvssv3.1	9.8	https://www.oracle.com/security-alerts/cpujul2020.html
generic_textual	CRITICAL	https://www.oracle.com/security-alerts/cpujul2020.html
cvssv3.1	5.3	https://www.oracle.com//security-alerts/cpujul2021.html
generic_textual	MODERATE	https://www.oracle.com//security-alerts/cpujul2021.html
cvssv3.1	7.5	http://www.debian.org/security/2017/dsa-3871
generic_textual	HIGH	http://www.debian.org/security/2017/dsa-3871
cvssv3.1	7.5	http://www.securityfocus.com/bid/98814
generic_textual	HIGH	http://www.securityfocus.com/bid/98814

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5637.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5637.json
		https://api.first.org/data/v1/epss?cve=CVE-2017-5637
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5637
		https://issues.apache.org/jira/browse/ZOOKEEPER-2693
		https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
		https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
		https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E
		https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370%40%3Cdev.zookeeper.apache.org%3E
		https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
		https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
		https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
		https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
		https://www.oracle.com/security-alerts/cpujul2020.html
		https://www.oracle.com//security-alerts/cpujul2021.html
		http://www.debian.org/security/2017/dsa-3871
		http://www.securityfocus.com/bid/98814
1454808		https://bugzilla.redhat.com/show_bug.cgi?id=1454808
863811		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863811
cpe:2.3:a:apache:zookeeper:3.4.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.4.0:::::::*
cpe:2.3:a:apache:zookeeper:3.4.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.4.1:::::::*
cpe:2.3:a:apache:zookeeper:3.4.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.4.2:::::::*
cpe:2.3:a:apache:zookeeper:3.4.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.4.3:::::::*
cpe:2.3:a:apache:zookeeper:3.4.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.4.4:::::::*
cpe:2.3:a:apache:zookeeper:3.4.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.4.5:::::::*
cpe:2.3:a:apache:zookeeper:3.4.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.4.6:::::::*
cpe:2.3:a:apache:zookeeper:3.4.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.4.7:::::::*
cpe:2.3:a:apache:zookeeper:3.4.8:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.4.8:::::::*
cpe:2.3:a:apache:zookeeper:3.4.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.4.9:::::::*
cpe:2.3:a:apache:zookeeper:3.5.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.5.0:::::::*
cpe:2.3:a:apache:zookeeper:3.5.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.5.1:::::::*
cpe:2.3:a:apache:zookeeper:3.5.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:zookeeper:3.5.2:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
CVE-2017-5637	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/42294.py
CVE-2017-5637		https://nvd.nist.gov/vuln/detail/CVE-2017-5637
GHSA-7cwj-j333-x7f7		https://github.com/advisories/GHSA-7cwj-j333-x7f7
RHSA-2017:2477		https://access.redhat.com/errata/RHSA-2017:2477
RHSA-2017:3354		https://access.redhat.com/errata/RHSA-2017:3354
RHSA-2017:3355		https://access.redhat.com/errata/RHSA-2017:3355
USN-USN-4789-1		https://usn.ubuntu.com/USN-4789-1/

Data source	Exploit-DB
Date added	July 4, 2017
Description	Zookeeper 3.5.2 Client - Denial of Service
Ransomware campaign use	Unknown
Source publication date	July 2, 2017
Exploit type	dos
Platform	multiple
Source update date	Oct. 4, 2017

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5637.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://issues.apache.org/jira/browse/ZOOKEEPER-2693

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-5637

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-5637

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujul2020.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com//security-alerts/cpujul2021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.debian.org/security/2017/dsa-3871

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.securityfocus.com/bid/98814

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.92704
EPSS Score	0.04537
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.