VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-qtbw-vpbp-aaaj

Essentials
Severities (108)
References (57)
Severity details (16)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-qtbw-vpbp-aaaj
Aliases	CVE-2021-4160 VC-OPENSSL-20220128-CVE-2021-4160
Summary	There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-327	Use of a Broken or Risky Cryptographic Algorithm

System	Score	Found at
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4160.json
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00616	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00616	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00616	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00616	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.01583	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
rhbs	low	https://bugzilla.redhat.com/show_bug.cgi?id=2048651
cvssv3.1	8.8	https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
generic_textual	HIGH	https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2021-4160
cvssv3	5.9	https://nvd.nist.gov/vuln/detail/CVE-2021-4160
cvssv3.1	5.9	https://nvd.nist.gov/vuln/detail/CVE-2021-4160
cvssv3.1	7.5	https://security.gentoo.org/glsa/202210-02
generic_textual	HIGH	https://security.gentoo.org/glsa/202210-02
cvssv3.1	7.5	https://www.debian.org/security/2022/dsa-5103
generic_textual	HIGH	https://www.debian.org/security/2022/dsa-5103
generic_textual	Moderate	https://www.openssl.org/news/secadv/20220128.txt
cvssv3.1	5.3	https://www.oracle.com/security-alerts/cpuapr2022.html
generic_textual	MODERATE	https://www.oracle.com/security-alerts/cpuapr2022.html
cvssv3.1	7.5	https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual	HIGH	https://www.oracle.com/security-alerts/cpujul2022.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4160.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-4160
		https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/openssl/openssl/commit/3bf7b73ea7123045b8f972badc67ed6878e6c37f
		https://github.com/openssl/openssl/commit/6fc1aaaf303185aa5e483e06bdfae16daa9193a7
		https://github.com/openssl/openssl/commit/e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
		https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f
		https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
		https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
		https://security.gentoo.org/glsa/202210-02
		https://security.netapp.com/advisory/ntap-20240621-0006/
		https://www.debian.org/security/2022/dsa-5103
		https://www.openssl.org/news/secadv/20220128.txt
		https://www.oracle.com/security-alerts/cpuapr2022.html
		https://www.oracle.com/security-alerts/cpujul2022.html
2048651		https://bugzilla.redhat.com/show_bug.cgi?id=2048651
cpe:2.3:a:openssl:openssl::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl::::::::
cpe:2.3:a:openssl:openssl:3.0.0:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:-::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha1::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha10::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha10::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha11::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha11::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha12::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha12::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha13::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha13::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha14::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha14::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha15::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha15::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha16::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha16::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha17::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha17::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha2::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha3::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha4::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha5::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha6::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha6::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha7::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha7::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha8::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha8::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha9::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha9::::::
cpe:2.3:a:openssl:openssl:3.0.0:beta1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:beta1::::::
cpe:2.3:a:openssl:openssl:3.0.0:beta2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:beta2::::::
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:::::::*
cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:::::::*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:::::::*
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
cpe:2.3:a:siemens:sinec_ins::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins::::::::
cpe:2.3:a:siemens:sinec_ins:1.0:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins:1.0:-::::::
cpe:2.3:a:siemens:sinec_ins:1.0:sp1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins:1.0:sp1::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
CVE-2021-4160		https://nvd.nist.gov/vuln/detail/CVE-2021-4160

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4160.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4160

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4160

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4160

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202210-02

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2022/dsa-5103

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com/security-alerts/cpuapr2022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.oracle.com/security-alerts/cpujul2022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.40908
EPSS Score	0.00212
Published At	April 2, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4160.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-4160
		https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/openssl/openssl/commit/3bf7b73ea7123045b8f972badc67ed6878e6c37f
		https://github.com/openssl/openssl/commit/6fc1aaaf303185aa5e483e06bdfae16daa9193a7
		https://github.com/openssl/openssl/commit/e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
		https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f
		https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
		https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
		https://security.gentoo.org/glsa/202210-02
		https://security.netapp.com/advisory/ntap-20240621-0006/
		https://www.debian.org/security/2022/dsa-5103
		https://www.openssl.org/news/secadv/20220128.txt
		https://www.oracle.com/security-alerts/cpuapr2022.html
		https://www.oracle.com/security-alerts/cpujul2022.html
2048651		https://bugzilla.redhat.com/show_bug.cgi?id=2048651
cpe:2.3:a:openssl:openssl::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl::::::::
cpe:2.3:a:openssl:openssl:3.0.0:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:-::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha1::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha10::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha10::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha11::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha11::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha12::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha12::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha13::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha13::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha14::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha14::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha15::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha15::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha16::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha16::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha17::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha17::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha2::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha3::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha4::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha5::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha6::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha6::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha7::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha7::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha8::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha8::::::
cpe:2.3:a:openssl:openssl:3.0.0:alpha9::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:alpha9::::::
cpe:2.3:a:openssl:openssl:3.0.0:beta1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:beta1::::::
cpe:2.3:a:openssl:openssl:3.0.0:beta2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:3.0.0:beta2::::::
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:::::::*
cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:::::::*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:::::::*
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
cpe:2.3:a:siemens:sinec_ins::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins::::::::
cpe:2.3:a:siemens:sinec_ins:1.0:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins:1.0:-::::::
cpe:2.3:a:siemens:sinec_ins:1.0:sp1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins:1.0:sp1::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
CVE-2021-4160		https://nvd.nist.gov/vuln/detail/CVE-2021-4160