Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-8012 (GCVE-0-2018-8012)
Vulnerability from cvelistv5 – Published: 2018-05-21 19:00 – Updated: 2024-09-17 00:01
VLAI
EPSS
Summary
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
Severity
No CVSS data available.
CWE
- Gain Privilege
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2018/dsa-4214 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securitytracker.com/id/1040948 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/104253 | vdb-entryx_refsource_BID |
| https://lists.apache.org/thread.html/053d9ce4d579… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/bcce5a9c532b… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/rca37935d661… | mailing-listx_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC |
| https://lists.apache.org/thread.html/c75147028c1c… | x_refsource_MISC |
| https://lists.apache.org/thread.html/r8f0d920805a… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/rc5bc4ddb0de… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r73daf1fc5d8… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/re3a4048e951… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache ZooKeeper |
Affected:
Apache ZooKeeper prior to 3.4.10, Apache ZooKeeper 3.5.0-alpha through 3.5.3-beta
|
Date Public
2018-05-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:11.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4214",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4214"
},
{
"name": "1040948",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040948"
},
{
"name": "104253",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104253"
},
{
"name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 opened a new pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 commented on pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-oak-commits] 20210720 [jackrabbit-oak] branch trunk updated: OAK-9496 | Update zookeeper version to handle CVE-2018-8012 (#326)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210720 [GitHub] [jackrabbit-oak] nit0906 merged pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache ZooKeeper",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache ZooKeeper prior to 3.4.10, Apache ZooKeeper 3.5.0-alpha through 3.5.3-beta"
}
]
}
],
"datePublic": "2018-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T10:06:52.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "DSA-4214",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4214"
},
{
"name": "1040948",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040948"
},
{
"name": "104253",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104253"
},
{
"name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 opened a new pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 commented on pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-oak-commits] 20210720 [jackrabbit-oak] branch trunk updated: OAK-9496 | Update zookeeper version to handle CVE-2018-8012 (#326)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210720 [GitHub] [jackrabbit-oak] nit0906 merged pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-05-21T00:00:00",
"ID": "CVE-2018-8012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache ZooKeeper",
"version": {
"version_data": [
{
"version_value": "Apache ZooKeeper prior to 3.4.10, Apache ZooKeeper 3.5.0-alpha through 3.5.3-beta"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4214",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4214"
},
{
"name": "1040948",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040948"
},
{
"name": "104253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104253"
},
{
"name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 opened a new pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 commented on pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-oak-commits] 20210720 [jackrabbit-oak] branch trunk updated: OAK-9496 | Update zookeeper version to handle CVE-2018-8012 (#326)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f@%3Coak-commits.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210720 [GitHub] [jackrabbit-oak] nit0906 merged pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2@%3Cdev.jackrabbit.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-8012",
"datePublished": "2018-05-21T19:00:00.000Z",
"dateReserved": "2018-03-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:01:04.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-8012",
"date": "2026-05-25",
"epss": "0.01372",
"percentile": "0.80465"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.4.10\", \"matchCriteriaId\": \"AF046E81-F6AA-4138-9493-56238351A16E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.5.0\", \"versionEndIncluding\": \"3.5.3\", \"matchCriteriaId\": \"B40328D8-7E48-43E0-B7CB-722406390A4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F0F84E2-88CE-4350-B342-DA761D43682E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"81C99F52-0D85-41C8-A0DA-CE29C917ADDC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"19.1.0.0.1\", \"matchCriteriaId\": \"F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.\"}, {\"lang\": \"es\", \"value\": \"No se aplica autenticaci\\u00f3n/autorizaci\\u00f3n cuando un servidor intenta unirse a un quorum en Apache ZooKeeper en versiones anteriores a la 3.4.10 y 3.5.0-alpha hasta 3.5.3-beta. Como resultado, un endpoint arbitrario podr\\u00eda unirse al cl\\u00faster y comenzar a propagar cambios falsos al l\\u00edder.\"}]",
"id": "CVE-2018-8012",
"lastModified": "2024-11-21T04:13:05.407",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-05-21T19:29:00.250",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/104253\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040948\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4214\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104253\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040948\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4214\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-8012\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-05-21T19:29:00.250\",\"lastModified\":\"2024-11-21T04:13:05.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.\"},{\"lang\":\"es\",\"value\":\"No se aplica autenticaci\u00f3n/autorizaci\u00f3n cuando un servidor intenta unirse a un quorum en Apache ZooKeeper en versiones anteriores a la 3.4.10 y 3.5.0-alpha hasta 3.5.3-beta. Como resultado, un endpoint arbitrario podr\u00eda unirse al cl\u00faster y comenzar a propagar cambios falsos al l\u00edder.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.4.10\",\"matchCriteriaId\":\"AF046E81-F6AA-4138-9493-56238351A16E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndIncluding\":\"3.5.3\",\"matchCriteriaId\":\"B40328D8-7E48-43E0-B7CB-722406390A4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F0F84E2-88CE-4350-B342-DA761D43682E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"81C99F52-0D85-41C8-A0DA-CE29C917ADDC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.1.0.0.1\",\"matchCriteriaId\":\"F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104253\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040948\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4214\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104253\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
BDU:2019-03811
Vulnerability from fstec - Published: 21.05.2018
VLAI
Title
Уязвимость централизованной службы для поддержки информации о конфигурации, именования, обеспечения распределенной синхронизации и предоставления групповых служб Apache ZooKeeper, позволяющая нарушителю записать произвольные файлы в операционной системе уязвимого устройства
Description
Уязвимость централизованной службы для поддержки информации о конфигурации, именования, обеспечения распределенной синхронизации и предоставления групповых служб Apache ZooKeeper существует из-за отсутствия аутентификации при присоединении к кворуму. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, записать произвольные файлы в операционной системе уязвимого устройства
Severity
Vendor
Сообщество свободного программного обеспечения, Apache Software Foundation, ООО «Ред Софт»
Software Name
Debian GNU/Linux, ZooKeeper, РЕД ОС (запись в едином реестре российских программ №3751)
Software Version
9 (Debian GNU/Linux), 8 (Debian GNU/Linux), до 3.4.10 (ZooKeeper), от 3.5.0 до 3.5.3 (ZooKeeper), 3.5.0 alpha (ZooKeeper), 3.5.3 beta (ZooKeeper), 7.3 (РЕД ОС)
Possible Mitigations
Использование рекомендаций:
Для Apache ZooKeeper:
https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E
Для Debian GNU/Linux:
https://www.debian.org/security/2018/dsa-4214
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10967&cat=SIRT_1&actp=LIST
https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E
https://www.debian.org/security/2018/dsa-4214
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-862
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Apache Software Foundation, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 8 (Debian GNU/Linux), \u0434\u043e 3.4.10 (ZooKeeper), \u043e\u0442 3.5.0 \u0434\u043e 3.5.3 (ZooKeeper), 3.5.0 alpha (ZooKeeper), 3.5.3 beta (ZooKeeper), 7.3 (\u0420\u0415\u0414 \u041e\u0421)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Apache ZooKeeper:\nhttps://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://www.debian.org/security/2018/dsa-4214\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.05.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.08.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.10.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-03811",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-8012",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, ZooKeeper, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u043b\u0443\u0436\u0431\u044b \u0434\u043b\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, \u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0433\u0440\u0443\u043f\u043f\u043e\u0432\u044b\u0445 \u0441\u043b\u0443\u0436\u0431 Apache ZooKeeper, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 (CWE-862)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u043b\u0443\u0436\u0431\u044b \u0434\u043b\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, \u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0433\u0440\u0443\u043f\u043f\u043e\u0432\u044b\u0445 \u0441\u043b\u0443\u0436\u0431 Apache ZooKeeper \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0438 \u043a \u043a\u0432\u043e\u0440\u0443\u043c\u0443. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10967\u0026cat=SIRT_1\u0026actp=LIST\nhttps://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E\nhttps://www.debian.org/security/2018/dsa-4214\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-862",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CNVD-2018-12670
Vulnerability from cnvd - Published: 2018-07-06
VLAI
Title
Apache ZooKeeper安全绕过漏洞
Description
Apache Zookeeper是美国阿帕奇(Apache)软件基金会的一个软件项目,它能够为大型分布式计算提供开源的分布式配置服务、同步服务和命名注册等功能。
Apache ZooKeeper 3.4.10之前版本和3.5.0-alpha版本至3.5.3-beta版本中存在安全漏洞,该漏洞源于程序未能强制执行身份验证/授权检测。攻击者可利用该漏洞修改目标系统上的数据。
Severity
中
Patch Name
Apache ZooKeeper安全绕过漏洞的补丁
Patch Description
Apache Zookeeper是美国阿帕奇(Apache)软件基金会的一个软件项目,它能够为大型分布式计算提供开源的分布式配置服务、同步服务和命名注册等功能。
Apache ZooKeeper 3.4.10之前版本和3.5.0-alpha版本至3.5.3-beta版本中存在安全漏洞,该漏洞源于程序未能强制执行身份验证/授权检测。攻击者可利用该漏洞修改目标系统上的数据。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: http://zookeeper.apache.org/security.html#CVE-2018-8012
Reference
https://securitytracker.com/id/1040948
Impacted products
| Name | ['Apache Zookeeper <3.4.10', 'Apache Zookeeper 3.5.0-alpha - 3.5.3-beta'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "104253"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2018-8012"
}
},
"description": "Apache Zookeeper\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u8f6f\u4ef6\u9879\u76ee\uff0c\u5b83\u80fd\u591f\u4e3a\u5927\u578b\u5206\u5e03\u5f0f\u8ba1\u7b97\u63d0\u4f9b\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u914d\u7f6e\u670d\u52a1\u3001\u540c\u6b65\u670d\u52a1\u548c\u547d\u540d\u6ce8\u518c\u7b49\u529f\u80fd\u3002\r\n\r\nApache ZooKeeper 3.4.10\u4e4b\u524d\u7248\u672c\u548c3.5.0-alpha\u7248\u672c\u81f33.5.3-beta\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5f3a\u5236\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1/\u6388\u6743\u68c0\u6d4b\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539\u76ee\u6807\u7cfb\u7edf\u4e0a\u7684\u6570\u636e\u3002",
"discovererName": "F\u00c3\u00b6ldi Tam\u00c3\u00a1s and Eugene Koontz",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://zookeeper.apache.org/security.html#CVE-2018-8012",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-12670",
"openTime": "2018-07-06",
"patchDescription": "Apache Zookeeper\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u8f6f\u4ef6\u9879\u76ee\uff0c\u5b83\u80fd\u591f\u4e3a\u5927\u578b\u5206\u5e03\u5f0f\u8ba1\u7b97\u63d0\u4f9b\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u914d\u7f6e\u670d\u52a1\u3001\u540c\u6b65\u670d\u52a1\u548c\u547d\u540d\u6ce8\u518c\u7b49\u529f\u80fd\u3002\r\n\r\nApache ZooKeeper 3.4.10\u4e4b\u524d\u7248\u672c\u548c3.5.0-alpha\u7248\u672c\u81f33.5.3-beta\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5f3a\u5236\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1/\u6388\u6743\u68c0\u6d4b\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539\u76ee\u6807\u7cfb\u7edf\u4e0a\u7684\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache ZooKeeper\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Apache Zookeeper \u003c3.4.10",
"Apache Zookeeper 3.5.0-alpha - 3.5.3-beta"
]
},
"referenceLink": "https://securitytracker.com/id/1040948",
"serverity": "\u4e2d",
"submitTime": "2018-05-22",
"title": "Apache ZooKeeper\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}
FKIE_CVE-2018-8012
Vulnerability from fkie_nvd - Published: 2018-05-21 19:29 - Updated: 2024-11-21 04:13
Severity
Summary
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | zookeeper | * | |
| apache | zookeeper | * | |
| apache | zookeeper | 3.5.0 | |
| apache | zookeeper | 3.5.3 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| oracle | goldengate_stream_analytics | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF046E81-F6AA-4138-9493-56238351A16E",
"versionEndExcluding": "3.4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B40328D8-7E48-43E0-B7CB-722406390A4D",
"versionEndIncluding": "3.5.3",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "2F0F84E2-88CE-4350-B342-DA761D43682E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "81C99F52-0D85-41C8-A0DA-CE29C917ADDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4",
"versionEndExcluding": "19.1.0.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader."
},
{
"lang": "es",
"value": "No se aplica autenticaci\u00f3n/autorizaci\u00f3n cuando un servidor intenta unirse a un quorum en Apache ZooKeeper en versiones anteriores a la 3.4.10 y 3.5.0-alpha hasta 3.5.3-beta. Como resultado, un endpoint arbitrario podr\u00eda unirse al cl\u00faster y comenzar a propagar cambios falsos al l\u00edder."
}
],
"id": "CVE-2018-8012",
"lastModified": "2024-11-21T04:13:05.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-21T19:29:00.250",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104253"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040948"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4214"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabbit.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-CCQF-C5HQ-77MP
Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2022-06-29 19:03
VLAI
Summary
Missing Authorization in Apache ZooKeeper
Details
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
Severity
7.5 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.4.9"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.zookeeper:zookeeper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.5.3-beta"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.zookeeper:zookeeper"
},
"ranges": [
{
"events": [
{
"introduced": "3.5.0-alpha"
},
{
"fixed": "3.5.4-beta"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-8012"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-29T19:03:52Z",
"nvd_published_at": "2018-05-21T19:29:00Z",
"severity": "HIGH"
},
"details": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.",
"id": "GHSA-ccqf-c5hq-77mp",
"modified": "2022-06-29T19:03:52Z",
"published": "2022-05-13T01:05:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8012"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f@%3Coak-commits.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14@%3Cdev.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870@%3Cdev.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2@%3Cdev.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4214"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104253"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040948"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Missing Authorization in Apache ZooKeeper"
}
GSD-2018-8012
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-8012",
"description": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.",
"id": "GSD-2018-8012",
"references": [
"https://www.suse.com/security/cve/CVE-2018-8012.html",
"https://www.debian.org/security/2018/dsa-4214",
"https://ubuntu.com/security/CVE-2018-8012"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-8012"
],
"details": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.",
"id": "GSD-2018-8012",
"modified": "2023-12-13T01:22:34.218089Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-05-21T00:00:00",
"ID": "CVE-2018-8012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache ZooKeeper",
"version": {
"version_data": [
{
"version_value": "Apache ZooKeeper prior to 3.4.10, Apache ZooKeeper 3.5.0-alpha through 3.5.3-beta"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4214",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4214"
},
{
"name": "1040948",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040948"
},
{
"name": "104253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104253"
},
{
"name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 opened a new pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 commented on pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-oak-commits] 20210720 [jackrabbit-oak] branch trunk updated: OAK-9496 | Update zookeeper version to handle CVE-2018-8012 (#326)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f@%3Coak-commits.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210720 [GitHub] [jackrabbit-oak] nit0906 merged pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2@%3Cdev.jackrabbit.apache.org%3E"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,3.4.10),[3.5.0,3.5.3]",
"affected_versions": "All versions before 3.4.10, all versions starting from 3.5.0 up to 3.5.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-862",
"CWE-937"
],
"date": "2019-10-03",
"description": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.",
"fixed_versions": [
"3.4.10",
"3.5.4"
],
"identifier": "CVE-2018-8012",
"identifiers": [
"CVE-2018-8012"
],
"not_impacted": "All versions starting from 3.4.10 before 3.5.0, all versions after 3.5.3",
"package_slug": "maven/org.apache.zookeeper/zookeeper",
"pubdate": "2018-05-21",
"solution": "Upgrade to versions 3.4.10, 3.5.4 or above.",
"title": "Missing Authorization",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-8012",
"http://www.securityfocus.com/bid/104253",
"http://www.securitytracker.com/id/1040948"
],
"uuid": "f36a7d09-2f79-43c2-bf4c-456e2ffb9480"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5.3",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.1.0.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-8012"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "1040948",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040948"
},
{
"name": "104253",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104253"
},
{
"name": "DSA-4214",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4214"
},
{
"name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 opened a new pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210716 [GitHub] [jackrabbit-oak] nit0906 commented on pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-oak-commits] 20210720 [jackrabbit-oak] branch trunk updated: OAK-9496 | Update zookeeper version to handle CVE-2018-8012 (#326)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f@%3Coak-commits.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210720 [GitHub] [jackrabbit-oak] nit0906 merged pull request #326: OAK-9496 | Update zookeeper version to handle CVE-2018-8012",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2@%3Cdev.jackrabbit.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-09-14T12:13Z",
"publishedDate": "2018-05-21T19:29Z"
}
}
}
WID-SEC-W-2022-0770
Vulnerability from csaf_certbund - Published: 2020-04-23 22:00 - Updated: 2024-05-16 22:00Summary
IBM DB2: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
References
11 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erh\u00f6hen oder einen Denial of Service zu verursachen",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0770 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0770.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0770 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0770"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6198380 vom 2020-04-23",
"url": "https://www.ibm.com/support/pages/node/6198380"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2603 vom 2020-06-17",
"url": "https://access.redhat.com/errata/RHSA-2020:2603"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:4807 vom 2020-11-04",
"url": "https://access.redhat.com/errata/RHSA-2020:4807"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3225 vom 2021-08-20",
"url": "https://access.redhat.com/errata/RHSA-2021:3225"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-115 vom 2022-05-27",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-115/index.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6605881 vom 2022-07-21",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-070 vom 2024-02-03",
"url": "https://www.dell.com/support/kbdoc/000221770/dsa-2024-="
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-144 vom 2023-10-03",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-144/index.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7153639 vom 2024-05-17",
"url": "https://www.ibm.com/support/pages/node/7153639"
}
],
"source_lang": "en-US",
"title": "IBM DB2: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-16T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:32:05.856+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-0770",
"initial_release_date": "2020-04-23T22:00:00.000+00:00",
"revision_history": [
{
"date": "2020-04-23T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-06-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-11-03T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-08-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-26T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2022-07-20T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-10-03T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-02-04T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003cAnalyzer 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003cAnalyzer 10.9.3-00",
"product_id": "T030196"
}
},
{
"category": "product_version_range",
"name": "\u003cViewpoint 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003cViewpoint 10.9.3-00",
"product_id": "T030197"
}
}
],
"category": "product_name",
"name": "Ops Center"
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.1",
"product": {
"name": "IBM DB2 11.1",
"product_id": "342000",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:11.1"
}
}
},
{
"category": "product_version",
"name": "11.5",
"product": {
"name": "IBM DB2 11.5",
"product_id": "695419",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:11.5"
}
}
}
],
"category": "product_name",
"name": "DB2"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-0001",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2009-0001"
},
{
"cve": "CVE-2014-0114",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2014-0114"
},
{
"cve": "CVE-2014-0193",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2014-0193"
},
{
"cve": "CVE-2014-3488",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2014-3488"
},
{
"cve": "CVE-2015-2156",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2015-2156"
},
{
"cve": "CVE-2016-2402",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2016-2402"
},
{
"cve": "CVE-2017-12972",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-12972"
},
{
"cve": "CVE-2017-12973",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-12973"
},
{
"cve": "CVE-2017-12974",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-12974"
},
{
"cve": "CVE-2017-18640",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-18640"
},
{
"cve": "CVE-2017-3734",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-3734"
},
{
"cve": "CVE-2017-5637",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-5637"
},
{
"cve": "CVE-2018-10237",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2018-10237"
},
{
"cve": "CVE-2018-11771",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2018-11771"
},
{
"cve": "CVE-2018-8009",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2018-8009"
},
{
"cve": "CVE-2018-8012",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2018-8012"
},
{
"cve": "CVE-2019-0201",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-0201"
},
{
"cve": "CVE-2019-10086",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-10086"
},
{
"cve": "CVE-2019-10172",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-10172"
},
{
"cve": "CVE-2019-10202",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-10202"
},
{
"cve": "CVE-2019-12402",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-12402"
},
{
"cve": "CVE-2019-16869",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-16869"
},
{
"cve": "CVE-2019-17195",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-17195"
},
{
"cve": "CVE-2019-17571",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-17571"
},
{
"cve": "CVE-2019-9512",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9514",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-9514"
},
{
"cve": "CVE-2019-9515",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-9515"
},
{
"cve": "CVE-2019-9518",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-9518"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…