VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-6zmg-trun-aaac

Essentials
Severities (115)
References (57)
Severity details (25)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-6zmg-trun-aaac
Aliases	CVE-2021-30640 GHSA-36qh-35cm-5w2w
Summary	Authentication Bypass by Alternate Name in Apache Tomcat
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-116	Improper Encoding or Escaping of Output
CWE-287	Improper Authentication
CWE-289	Authentication Bypass by Alternate Name
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2021:4861
rhas	Important	https://access.redhat.com/errata/RHSA-2021:4863
rhas	Important	https://access.redhat.com/errata/RHSA-2022:1179
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5532
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00311	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00311	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00311	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00311	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00311	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00311	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00314	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00314	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
epss	0.00579	https://api.first.org/data/v1/epss?cve=CVE-2021-30640
rhbs	low	https://bugzilla.redhat.com/show_bug.cgi?id=1981544
apache_tomcat	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-36qh-35cm-5w2w
cvssv3.1	6.5	https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E
cvssv3.1	5.3	https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html
generic_textual	MODERATE	https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html
cvssv2	5.8	https://nvd.nist.gov/vuln/detail/CVE-2021-30640
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2021-30640
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2021-30640
cvssv3.1	6.1	https://security.gentoo.org/glsa/202208-34
generic_textual	MODERATE	https://security.gentoo.org/glsa/202208-34
cvssv3.1	5.3	https://security.netapp.com/advisory/ntap-20210827-0007
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20210827-0007
cvssv3.1	5.3	https://www.debian.org/security/2021/dsa-4952
generic_textual	MODERATE	https://www.debian.org/security/2021/dsa-4952
cvssv3.1	7.5	https://www.debian.org/security/2021/dsa-4986
generic_textual	HIGH	https://www.debian.org/security/2021/dsa-4986
cvssv3.1	6.6	https://www.oracle.com/security-alerts/cpujan2022.html
generic_textual	MODERATE	https://www.oracle.com/security-alerts/cpujan2022.html
cvssv3.1	5.3	https://www.oracle.com//security-alerts/cpujul2021.html
generic_textual	MODERATE	https://www.oracle.com//security-alerts/cpujul2021.html
cvssv3.1	8.2	https://www.oracle.com/security-alerts/cpuoct2021.html
generic_textual	HIGH	https://www.oracle.com/security-alerts/cpuoct2021.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-30640
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100
		https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f
		https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c
		https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0
		https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945
		https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7
		https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe
		https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38
		https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434
		https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b
		https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89
		https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56
		https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375
		https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43
		https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b
		https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef
		https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb
		https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e
		https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822
		https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972
		https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667
		https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9
		https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862
		https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51
		https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6
		https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E
		https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html
		https://security.gentoo.org/glsa/202208-34
		https://security.netapp.com/advisory/ntap-20210827-0007
		https://security.netapp.com/advisory/ntap-20210827-0007/
		https://www.debian.org/security/2021/dsa-4952
		https://www.debian.org/security/2021/dsa-4986
		https://www.oracle.com/security-alerts/cpujan2022.html
		https://www.oracle.com//security-alerts/cpujul2021.html
		https://www.oracle.com/security-alerts/cpuoct2021.html
1981544		https://bugzilla.redhat.com/show_bug.cgi?id=1981544
991046		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046
cpe:2.3:a:apache:tomcat::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat::::::::
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:::::::*
cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:::::::*
cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:::::::*
cpe:2.3:a:oracle:tekelec_platform_distribution::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:tekelec_platform_distribution::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
CVE-2021-30640		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640
CVE-2021-30640		https://nvd.nist.gov/vuln/detail/CVE-2021-30640
GHSA-36qh-35cm-5w2w		https://github.com/advisories/GHSA-36qh-35cm-5w2w
RHSA-2021:4861		https://access.redhat.com/errata/RHSA-2021:4861
RHSA-2021:4863		https://access.redhat.com/errata/RHSA-2021:4863
RHSA-2022:1179		https://access.redhat.com/errata/RHSA-2022:1179
RHSA-2022:5532		https://access.redhat.com/errata/RHSA-2022:5532
USN-5360-1		https://usn.ubuntu.com/5360-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N Found at https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30640

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30640

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30640

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://security.gentoo.org/glsa/202208-34

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20210827-0007

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.debian.org/security/2021/dsa-4952

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2021/dsa-4986

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujan2022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com//security-alerts/cpujul2021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://www.oracle.com/security-alerts/cpuoct2021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.47966
EPSS Score	0.00128
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.