Search for vulnerabilities
Vulnerability details: VCID-v2he-mm5s-aaaj
Vulnerability ID VCID-v2he-mm5s-aaaj
Aliases CVE-2021-44790
Summary A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Status Published
Exploitability 2.0
Weighted Severity 8.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-400 Uncontrolled Resource Consumption
System Score Found at
generic_textual Medium http://httpd.apache.org/security/vulnerabilities_24.html
rhas Important https://access.redhat.com/errata/RHSA-2022:0143
rhas Important https://access.redhat.com/errata/RHSA-2022:0258
rhas Important https://access.redhat.com/errata/RHSA-2022:0288
rhas Important https://access.redhat.com/errata/RHSA-2022:0303
rhas Important https://access.redhat.com/errata/RHSA-2022:1136
rhas Important https://access.redhat.com/errata/RHSA-2022:1137
rhas Important https://access.redhat.com/errata/RHSA-2022:1138
rhas Important https://access.redhat.com/errata/RHSA-2022:1139
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json
epss 0.13046 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.13046 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.13046 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.13046 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.13046 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.13046 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.13046 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.13046 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.13046 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.13046 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.13046 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.14289 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.16830 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.16830 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.78877 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.78877 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.78877 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.78877 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.79123 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.81824 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.81824 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.82027 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.82027 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.82027 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.83789 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.84979 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.85161 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.85858 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.85858 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.85858 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.85858 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.85858 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.86023 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.86023 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.86023 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.86023 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=2034674
cvssv3.1 7.5 http://seclists.org/fulldisclosure/2022/May/33
generic_textual HIGH http://seclists.org/fulldisclosure/2022/May/33
cvssv3.1 7.5 http://seclists.org/fulldisclosure/2022/May/35
generic_textual HIGH http://seclists.org/fulldisclosure/2022/May/35
cvssv3.1 7.5 http://seclists.org/fulldisclosure/2022/May/38
generic_textual HIGH http://seclists.org/fulldisclosure/2022/May/38
cvssv3.1 9.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
apache_httpd important https://httpd.apache.org/security/json/CVE-2021-44790.json
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44790
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44790
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44790
cvssv3.1 7.5 https://support.apple.com/kb/HT213255
generic_textual HIGH https://support.apple.com/kb/HT213255
cvssv3.1 7.5 https://support.apple.com/kb/HT213256
generic_textual HIGH https://support.apple.com/kb/HT213256
cvssv3.1 7.5 https://support.apple.com/kb/HT213257
generic_textual HIGH https://support.apple.com/kb/HT213257
cvssv3.1 5.3 https://www.oracle.com/security-alerts/cpuapr2022.html
generic_textual MODERATE https://www.oracle.com/security-alerts/cpuapr2022.html
cvssv3.1 6.6 https://www.oracle.com/security-alerts/cpujan2022.html
generic_textual MODERATE https://www.oracle.com/security-alerts/cpujan2022.html
Reference id Reference type URL
http://httpd.apache.org/security/vulnerabilities_24.html
http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json
https://api.first.org/data/v1/epss?cve=CVE-2021-44790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://security.gentoo.org/glsa/202208-20
https://security.netapp.com/advisory/ntap-20211224-0001/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://www.debian.org/security/2022/dsa-5035
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.tenable.com/security/tns-2022-01
https://www.tenable.com/security/tns-2022-03
http://www.openwall.com/lists/oss-security/2021/12/20/4
2034674 https://bugzilla.redhat.com/show_bug.cgi?id=2034674
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
CVE-2021-44790 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51193.py
CVE-2021-44790 https://httpd.apache.org/security/json/CVE-2021-44790.json
CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790
RHSA-2022:0143 https://access.redhat.com/errata/RHSA-2022:0143
RHSA-2022:0258 https://access.redhat.com/errata/RHSA-2022:0258
RHSA-2022:0288 https://access.redhat.com/errata/RHSA-2022:0288
RHSA-2022:0303 https://access.redhat.com/errata/RHSA-2022:0303
RHSA-2022:1136 https://access.redhat.com/errata/RHSA-2022:1136
RHSA-2022:1137 https://access.redhat.com/errata/RHSA-2022:1137
RHSA-2022:1138 https://access.redhat.com/errata/RHSA-2022:1138
RHSA-2022:1139 https://access.redhat.com/errata/RHSA-2022:1139
USN-5212-1 https://usn.ubuntu.com/5212-1/
USN-5212-2 https://usn.ubuntu.com/5212-2/
Data source Exploit-DB
Date added April 1, 2023
Description Apache 2.4.x - Buffer Overflow
Ransomware campaign use Known
Source publication date April 1, 2023
Exploit type webapps
Platform multiple
Source update date June 7, 2023
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://seclists.org/fulldisclosure/2022/May/33
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://seclists.org/fulldisclosure/2022/May/35
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://seclists.org/fulldisclosure/2022/May/38
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-44790
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-44790
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-44790
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://support.apple.com/kb/HT213255
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://support.apple.com/kb/HT213256
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://support.apple.com/kb/HT213257
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com/security-alerts/cpuapr2022.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujan2022.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.95670
EPSS Score 0.13046
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.