VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-zggp-qr1y-aaaf

Essentials
Severities (119)
References (33)
Severity details (33)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-zggp-qr1y-aaaf
Aliases	CVE-2021-22696 GHSA-7q4h-pj78-j7vg
Summary	Authorization service vulnerable to DDos attacks in Apache CFX
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-918	Server-Side Request Forgery (SSRF)
CWE-400	Uncontrolled Resource Consumption
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:5134
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22696.json
epss	0.00297	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00297	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00297	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00297	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00297	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00297	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00297	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00297	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00297	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00297	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00297	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.00489	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
epss	0.02639	https://api.first.org/data/v1/epss?cve=CVE-2021-22696
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1946341
cvssv3.1	7.5	https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc
generic_textual	HIGH	https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-7q4h-pj78-j7vg
cvssv3.1	3.7	https://github.com/apache/cxf
generic_textual	LOW	https://github.com/apache/cxf
cvssv3.1	7.5	https://github.com/apache/cxf/commit/40503a53914758759894f704bbf139ae89ace286
generic_textual	HIGH	https://github.com/apache/cxf/commit/40503a53914758759894f704bbf139ae89ace286
cvssv3.1	7.5	https://github.com/apache/cxf/commit/aa789c5c4686597a7bdef2443909ab491fc2bc04
generic_textual	HIGH	https://github.com/apache/cxf/commit/aa789c5c4686597a7bdef2443909ab491fc2bc04
cvssv3.1	7.5	https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E
cvssv3.1	7.5	https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E
cvssv3.1	7.5	https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E
cvssv3.1	7.5	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
cvssv3.1	9.8	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
cvssv3.1	7.5	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
cvssv3.1	9.8	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2021-22696
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-22696
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-22696
cvssv3.1	5.3	https://www.oracle.com/security-alerts/cpuapr2022.html
generic_textual	MODERATE	https://www.oracle.com/security-alerts/cpuapr2022.html
cvssv3.1	8.2	https://www.oracle.com/security-alerts/cpuoct2021.html
generic_textual	HIGH	https://www.oracle.com/security-alerts/cpuoct2021.html
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2021/04/02/2
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2021/04/02/2

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22696.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-22696
		https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc
		https://github.com/apache/cxf
		https://github.com/apache/cxf/commit/40503a53914758759894f704bbf139ae89ace286
		https://github.com/apache/cxf/commit/aa789c5c4686597a7bdef2443909ab491fc2bc04
		https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E
		https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045%40%3Cannounce.apache.org%3E
		https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E
		https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E
		https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914%40%3Cdev.cxf.apache.org%3E
		https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914%40%3Cusers.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
		https://www.oracle.com/security-alerts/cpuapr2022.html
		https://www.oracle.com/security-alerts/cpuoct2021.html
		http://www.openwall.com/lists/oss-security/2021/04/02/2
1946341		https://bugzilla.redhat.com/show_bug.cgi?id=1946341
cpe:2.3:a:apache:cxf::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf::::::::
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0::::enterprise:::
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::
cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0::::enterprise:::
cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0::::enterprise:::
cpe:2.3:a:oracle:communications_diameter_intelligence_hub::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_intelligence_hub::::::::
cpe:2.3:a:oracle:communications_element_manager:8.2.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.2:::::::*
cpe:2.3:a:oracle:communications_session_report_manager::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager::::::::
cpe:2.3:a:oracle:communications_session_route_manager::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager::::::::
CVE-2021-22696		https://nvd.nist.gov/vuln/detail/CVE-2021-22696
GHSA-7q4h-pj78-j7vg		https://github.com/advisories/GHSA-7q4h-pj78-j7vg
RHSA-2021:5134		https://access.redhat.com/errata/RHSA-2021:5134
RHSA-2022:7273		https://access.redhat.com/errata/RHSA-2022:7273

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22696.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/cxf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/cxf/commit/40503a53914758759894f704bbf139ae89ace286

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/cxf/commit/aa789c5c4686597a7bdef2443909ab491fc2bc04

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-22696

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-22696

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-22696

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com/security-alerts/cpuapr2022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://www.oracle.com/security-alerts/cpuoct2021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2021/04/02/2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.69869
EPSS Score	0.00297
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.