Details of VAR-202102-1488

ID

VAR-202102-1488

CVE

CVE-2021-23841

TITLE

OpenSSL In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-001396

DESCRIPTION

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). There is no information about this vulnerability at present. Please keep an eye on CNNVD or manufacturer announcements. Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable 6. 8) - noarch 3. Description: EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 (20210527gite1999b264f1f). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security update Advisory ID: RHSA-2021:3798-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3798 Issue date: 2021-10-12 CVE Names: CVE-2021-23840 CVE-2021-23841 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.2k-22.el7_9.src.rpm x86_64: openssl-1.0.2k-22.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.i686.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-devel-1.0.2k-22.el7_9.i686.rpm openssl-devel-1.0.2k-22.el7_9.x86_64.rpm openssl-perl-1.0.2k-22.el7_9.x86_64.rpm openssl-static-1.0.2k-22.el7_9.i686.rpm openssl-static-1.0.2k-22.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.2k-22.el7_9.src.rpm x86_64: openssl-1.0.2k-22.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.i686.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-devel-1.0.2k-22.el7_9.i686.rpm openssl-devel-1.0.2k-22.el7_9.x86_64.rpm openssl-perl-1.0.2k-22.el7_9.x86_64.rpm openssl-static-1.0.2k-22.el7_9.i686.rpm openssl-static-1.0.2k-22.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.2k-22.el7_9.src.rpm ppc64: openssl-1.0.2k-22.el7_9.ppc64.rpm openssl-debuginfo-1.0.2k-22.el7_9.ppc.rpm openssl-debuginfo-1.0.2k-22.el7_9.ppc64.rpm openssl-devel-1.0.2k-22.el7_9.ppc.rpm openssl-devel-1.0.2k-22.el7_9.ppc64.rpm openssl-libs-1.0.2k-22.el7_9.ppc.rpm openssl-libs-1.0.2k-22.el7_9.ppc64.rpm ppc64le: openssl-1.0.2k-22.el7_9.ppc64le.rpm openssl-debuginfo-1.0.2k-22.el7_9.ppc64le.rpm openssl-devel-1.0.2k-22.el7_9.ppc64le.rpm openssl-libs-1.0.2k-22.el7_9.ppc64le.rpm s390x: openssl-1.0.2k-22.el7_9.s390x.rpm openssl-debuginfo-1.0.2k-22.el7_9.s390.rpm openssl-debuginfo-1.0.2k-22.el7_9.s390x.rpm openssl-devel-1.0.2k-22.el7_9.s390.rpm openssl-devel-1.0.2k-22.el7_9.s390x.rpm openssl-libs-1.0.2k-22.el7_9.s390.rpm openssl-libs-1.0.2k-22.el7_9.s390x.rpm x86_64: openssl-1.0.2k-22.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-devel-1.0.2k-22.el7_9.i686.rpm openssl-devel-1.0.2k-22.el7_9.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.i686.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.2k-22.el7_9.ppc.rpm openssl-debuginfo-1.0.2k-22.el7_9.ppc64.rpm openssl-perl-1.0.2k-22.el7_9.ppc64.rpm openssl-static-1.0.2k-22.el7_9.ppc.rpm openssl-static-1.0.2k-22.el7_9.ppc64.rpm ppc64le: openssl-debuginfo-1.0.2k-22.el7_9.ppc64le.rpm openssl-perl-1.0.2k-22.el7_9.ppc64le.rpm openssl-static-1.0.2k-22.el7_9.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-22.el7_9.s390.rpm openssl-debuginfo-1.0.2k-22.el7_9.s390x.rpm openssl-perl-1.0.2k-22.el7_9.s390x.rpm openssl-static-1.0.2k-22.el7_9.s390.rpm openssl-static-1.0.2k-22.el7_9.s390x.rpm x86_64: openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-perl-1.0.2k-22.el7_9.x86_64.rpm openssl-static-1.0.2k-22.el7_9.i686.rpm openssl-static-1.0.2k-22.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.2k-22.el7_9.src.rpm x86_64: openssl-1.0.2k-22.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-devel-1.0.2k-22.el7_9.i686.rpm openssl-devel-1.0.2k-22.el7_9.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.i686.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-perl-1.0.2k-22.el7_9.x86_64.rpm openssl-static-1.0.2k-22.el7_9.i686.rpm openssl-static-1.0.2k-22.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYWWqjtzjgjWX9erEAQj4lg/+IFxqmMQqLSvyz8cKUAPgss/+/wFMpRgh ZZxYBQQ0cBFfWFlROVLaRdeiGcZYkyJCRDqy2Yb8YO1A4PnSOc+htLFYmSmU2kcm QLHinOzGEZo/44vN7Qsl4WhJkJIdlysCwKpkkOCUprMEnhlWMvja2eSSG9JLH16d RqGe4AsJQLKSKLgmhejCOqxb9am+t9zBW0zaZHP4UR52Ju1rG5rLjBJ85Gcrmp2B vp/GVEQ/Asid4MZA2WTx+s6wj5Dt7JOdLWrUbcYAC0I8oPWbAoZJTfPkM7S6Xv+U 68iruVFTh74IkCbQ+SNLoYjiDAVJqtAVRVBha7Fd3/gWR6aJLLaqluLRGvd0mwXY pohCS0ynuMQ9wtYOJ3ezSVcBN+/d9Hs/3s8RWQTzrNG6jtBe57H9/tNkeSVFSVvu PMKXsUoOrIUE2HCflJytDB9wkQmsWxiZoH/xVlrtD0D11egZ4EWjJL6x+xtCTAkT u67CAwsCKxxCeNmz42uBtXSwFXoUapJnsviGzAx247T2pyuXlYMYHlsOy7CtBvIk jEEosCMM72UyXO4XsYTXc0jM3ze6iQTcF9irwhy+X+rTB4IXBubdUEoT0jnKlwfI BQvoPEBlcG+f0VU8BL+FCOosvM0ZqC7KGGOwJLoG1Vqz8rbtmhpcmNAOvzUiHdm3 T4OjSl1NzQQ= =Taj2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security fixes: * CVE-2021-3795 semver-regex: inefficient regular expression complexity * CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 Related bugs: * RHACM 2.2.10 images (Bugzilla #2013652) 3. Bugs fixed (https://bugzilla.redhat.com/): 2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity 2013652 - RHACM 2.2.10 images 5. ========================================================================== Ubuntu Security Notice USN-4745-1 February 23, 2021 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in OpenSSL. (CVE-2021-23841) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: libssl1.0.0 1.0.1f-1ubuntu2.27+esm2 Ubuntu 12.04 ESM: libssl1.0.0 1.0.1-4ubuntu5.45 After a standard system update you need to reboot your computer to make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/): 1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1168 - Disable hostname verification in syslog TLS settings LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd LOG-1375 - ssl_ca_cert should be optional LOG-1378 - CLO should support sasl_plaintext(Password over http) LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate LOG-1494 - Syslog output is serializing json incorrectly LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing LOG-1735 - Regression introducing flush_at_shutdown LOG-1774 - The collector logs should be excluded in fluent.conf LOG-1776 - fluentd total_limit_size sets value beyond available space LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL LOG-1903 - Fix the Display of ClusterLogging type in OLM LOG-1911 - CLF API changes to Opt-in to multiline error detection LOG-1918 - Alert `FluentdNodeDown` always firing LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding 6. Bugs fixed (https://bugzilla.redhat.com/): 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 5. Description: This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied

Trust: 2.43

sources: NVD: CVE-2021-23841 // JVNDB: JVNDB-2021-001396 // VULHUB: VHN-382524 // PACKETSTORM: 165286 // PACKETSTORM: 164890 // PACKETSTORM: 164489 // PACKETSTORM: 165209 // PACKETSTORM: 161525 // PACKETSTORM: 164967 // PACKETSTORM: 165002 // PACKETSTORM: 164927

AFFECTED PRODUCTS

vendor:	oracle	model:	business intelligence	scope:	eq	version:	5.9.0.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lt	version:	1.1.1j	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	20.3.1.2	Trust: 1.0
vendor:	oracle	model:	mysql server	scope:	lt	version:	8.0.23	Trust: 1.0
vendor:	tenable	model:	nessus network monitor	scope:	eq	version:	5.12.1	Trust: 1.0
vendor:	oracle	model:	essbase	scope:	eq	version:	21.2	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	oracle	model:	mysql enterprise monitor	scope:	lt	version:	8.0.23	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	21.0.0.2	Trust: 1.0
vendor:	oracle	model:	jd edwards world security	scope:	eq	version:	a9.4	Trust: 1.0
vendor:	tenable	model:	nessus network monitor	scope:	eq	version:	5.11.0	Trust: 1.0
vendor:	tenable	model:	tenable.sc	scope:	gte	version:	5.13.0	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.57	Trust: 1.0
vendor:	siemens	model:	sinec ins	scope:	lt	version:	1.0	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	tenable	model:	nessus network monitor	scope:	eq	version:	5.13.0	Trust: 1.0
vendor:	oracle	model:	business intelligence	scope:	eq	version:	5.5.0.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	14.1.1	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	tenable	model:	nessus network monitor	scope:	eq	version:	5.11.1	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.6	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.58	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	gte	version:	1.0.2	Trust: 1.0
vendor:	oracle	model:	mysql server	scope:	gte	version:	8.0.15	Trust: 1.0
vendor:	tenable	model:	nessus network monitor	scope:	eq	version:	5.12.0	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	oracle	model:	business intelligence	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	mysql server	scope:	lt	version:	5.7.33	Trust: 1.0
vendor:	oracle	model:	enterprise manager for storage management	scope:	eq	version:	13.4.0.0	Trust: 1.0
vendor:	siemens	model:	sinec ins	scope:	eq	version:	1.0	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.59	Trust: 1.0
vendor:	oracle	model:	business intelligence	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lt	version:	1.0.2y	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	gte	version:	1.1.1	Trust: 1.0
vendor:	oracle	model:	communications cloud native core policy	scope:	eq	version:	1.15.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.4.0.0	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	19.3.5	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.4	Trust: 1.0
vendor:	tenable	model:	tenable.sc	scope:	lte	version:	5.17.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	14.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.1	Trust: 1.0
vendor:	日立	model:	hitachi device manager	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	rv3000	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi tuning manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center common services	scope:	-	version:	-	Trust: 0.8
vendor:	tenable	model:	tenable.sc	scope:	-	version:	-	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center analyzer viewpoint	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-001396 // NVD: CVE-2021-23841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-23841
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-23841
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202102-1200
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-382524
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-23841
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-382524
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-23841
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-23841
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-382524 // CNNVD: CNNVD-202102-1200 // JVNDB: JVNDB-2021-001396 // NVD: CVE-2021-23841

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.1
problemtype:	Integer overflow or wraparound (CWE-190) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-190	Trust: 0.1

sources: VULHUB: VHN-382524 // JVNDB: JVNDB-2021-001396 // NVD: CVE-2021-23841

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 161525 // CNNVD: CNNVD-202102-1200

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202102-1200

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-382524

PATCH

title:	hitachi-sec-2023-126	url:	https://www.debian.org/security/2021/dsa-4855	Trust: 0.8
title:	OpenSSL Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142812	Trust: 0.6

sources: CNNVD: CNNVD-202102-1200 // JVNDB: JVNDB-2021-001396

EXTERNAL IDS

db:	NVD	id:	CVE-2021-23841	Trust: 4.1
db:	TENABLE	id:	TNS-2021-03	Trust: 1.7
db:	TENABLE	id:	TNS-2021-09	Trust: 1.7
db:	PULSESECURE	id:	SA44846	Trust: 1.7
db:	SIEMENS	id:	SSA-637483	Trust: 1.7
db:	ICS CERT	id:	ICSA-21-336-06	Trust: 1.4
db:	ICS CERT	id:	ICSA-22-258-05	Trust: 1.4
db:	PACKETSTORM	id:	161525	Trust: 0.8
db:	PACKETSTORM	id:	164927	Trust: 0.8
db:	PACKETSTORM	id:	165002	Trust: 0.8
db:	PACKETSTORM	id:	164890	Trust: 0.8
db:	JVN	id:	JVNVU94508446	Trust: 0.8
db:	JVN	id:	JVNVU99475301	Trust: 0.8
db:	JVN	id:	JVNVU90348129	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-001396	Trust: 0.8
db:	PACKETSTORM	id:	162151	Trust: 0.7
db:	PACKETSTORM	id:	165096	Trust: 0.7
db:	PACKETSTORM	id:	164583	Trust: 0.7
db:	PACKETSTORM	id:	165099	Trust: 0.7
db:	PACKETSTORM	id:	162823	Trust: 0.7
db:	PACKETSTORM	id:	161459	Trust: 0.7
db:	PACKETSTORM	id:	165129	Trust: 0.7
db:	PACKETSTORM	id:	162041	Trust: 0.7
db:	PACKETSTORM	id:	164489	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0974	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0616	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0786	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3792	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0636	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3375	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4095	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0916	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4172	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4104	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3485	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1618	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4059	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3499	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4019	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0670	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3846	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0958	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0897	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1015	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1225	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0696	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3905	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3935	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4254	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0859	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1794	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0832	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4616	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1502	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2657	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4229	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0992	Trust: 0.6
db:	PACKETSTORM	id:	164562	Trust: 0.6
db:	PACKETSTORM	id:	161450	Trust: 0.6
db:	CS-HELP	id:	SB2021041501	Trust: 0.6
db:	CS-HELP	id:	SB2022022131	Trust: 0.6
db:	CS-HELP	id:	SB2021120313	Trust: 0.6
db:	CS-HELP	id:	SB2021102116	Trust: 0.6
db:	CS-HELP	id:	SB2022071618	Trust: 0.6
db:	CS-HELP	id:	SB2022071832	Trust: 0.6
db:	CS-HELP	id:	SB2021051226	Trust: 0.6
db:	CS-HELP	id:	SB2021052505	Trust: 0.6
db:	CS-HELP	id:	SB2021101933	Trust: 0.6
db:	CS-HELP	id:	SB2022032007	Trust: 0.6
db:	CS-HELP	id:	SB2021052508	Trust: 0.6
db:	CS-HELP	id:	SB2021042109	Trust: 0.6
db:	CS-HELP	id:	SB2021111137	Trust: 0.6
db:	CS-HELP	id:	SB2021101330	Trust: 0.6
db:	CS-HELP	id:	SB2021111733	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-1200	Trust: 0.6
db:	PACKETSTORM	id:	164928	Trust: 0.1
db:	PACKETSTORM	id:	162824	Trust: 0.1
db:	PACKETSTORM	id:	164889	Trust: 0.1
db:	PACKETSTORM	id:	162826	Trust: 0.1
db:	VULHUB	id:	VHN-382524	Trust: 0.1
db:	PACKETSTORM	id:	165286	Trust: 0.1
db:	PACKETSTORM	id:	165209	Trust: 0.1
db:	PACKETSTORM	id:	164967	Trust: 0.1

sources: VULHUB: VHN-382524 // PACKETSTORM: 165286 // PACKETSTORM: 164890 // PACKETSTORM: 164489 // PACKETSTORM: 165209 // PACKETSTORM: 161525 // PACKETSTORM: 164967 // PACKETSTORM: 165002 // PACKETSTORM: 164927 // CNNVD: CNNVD-202102-1200 // JVNDB: JVNDB-2021-001396 // NVD: CVE-2021-23841

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23841	Trust: 1.9
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf	Trust: 1.7
url:	https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44846	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20210219-0009/	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20210513-0002/	Trust: 1.7
url:	https://support.apple.com/kb/ht212528	Trust: 1.7
url:	https://support.apple.com/kb/ht212529	Trust: 1.7
url:	https://support.apple.com/kb/ht212534	Trust: 1.7
url:	https://www.openssl.org/news/secadv/20210216.txt	Trust: 1.7
url:	https://www.tenable.com/security/tns-2021-03	Trust: 1.7
url:	https://www.tenable.com/security/tns-2021-09	Trust: 1.7
url:	https://www.debian.org/security/2021/dsa-4855	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2021/may/67	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2021/may/70	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2021/may/68	Trust: 1.7
url:	https://security.gentoo.org/glsa/202103-03	Trust: 1.7
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.7
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-336-06	Trust: 1.4
url:	https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf	Trust: 1.0
url:	https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807	Trust: 1.0
url:	https://security.netapp.com/advisory/ntap-20240621-0006/	Trust: 1.0
url:	http://jvn.jp/vu/jvnvu94508446/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90348129/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99475301/	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05	Trust: 0.8
url:	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf	Trust: 0.7
url:	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2021-23841	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2021-23840	Trust: 0.7
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2021.0916	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0958	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022131	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0832	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-may-affect-ibm-workload-scheduler-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2657	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3905	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0636	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3792	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-engineering-lifecycle-management-and-ibm-engineering-products/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1015	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerabilities-affect-messagegateway-cve-2021-23841-cve-2021-23840/	Trust: 0.6
url:	https://packetstormsecurity.com/files/164890/red-hat-security-advisory-2021-4198-03.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162041/gentoo-linux-security-advisory-202103-03.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071618	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-z-tpf-is-affected-by-openssl-vulnerabilities/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021120313	Trust: 0.6
url:	https://packetstormsecurity.com/files/161525/ubuntu-security-notice-usn-4745-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1618	Trust: 0.6
url:	https://packetstormsecurity.com/files/162823/apple-security-advisory-2021-05-25-1.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht212529	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4616	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2021-23839-cve-2021-23840-and-cve-2021-23841/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6486335	Trust: 0.6
url:	https://vigilance.fr/vulnerability/openssl-null-pointer-dereference-via-x509-issuer-and-serial-hash-34598	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2021-23839-cve-2021-23840-cve/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4059	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3485	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042109	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4254	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-258-05	Trust: 0.6
url:	https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4095	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4172	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2021-23839-cve-2021-23840-and-cve-2021-23841-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2021-23840-and-cve-2021-23841/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-fixed-in-openssl-as-shipped-with-ibm-security-verify-products/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021111137	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0859	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/	Trust: 0.6
url:	https://packetstormsecurity.com/files/164927/red-hat-security-advisory-2021-4614-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-connectdirect-for-hp-nonstop/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021051226	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0897	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0974	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6487493	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3846	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1502	Trust: 0.6
url:	https://support.apple.com/en-us/ht212534	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1225	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonstop-server-is-affected-by-multiple-openssl-vulnerabilities-cve-2021-23839-cve-2021-23840-and-cve-2021-23841/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4019	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0616	Trust: 0.6
url:	https://packetstormsecurity.com/files/161459/ubuntu-security-notice-usn-4738-1.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-23839-cve-2021-23840-and-cve-2021-23841/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021111733	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041501	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectexpress-for-unix-is-affected-by-multiple-vulnerabilities-in-openssl-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3375	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4104	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101933	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6479349	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1794	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3499	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032007	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052508	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101330	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052505	Trust: 0.6
url:	https://packetstormsecurity.com/files/165129/red-hat-security-advisory-2021-4902-06.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071832	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0696	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud-5/	Trust: 0.6
url:	https://packetstormsecurity.com/files/164583/red-hat-security-advisory-2021-3949-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162151/red-hat-security-advisory-2021-1168-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-rational-clearcase-cve-2020-1971-cve-2021-23839-cve-2021-23840-cve-2021-23841-cve-2021-23839-cve-2021-23840-cve-2021-23841/	Trust: 0.6
url:	https://packetstormsecurity.com/files/165096/red-hat-security-advisory-2021-4845-05.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3935	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0786	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6507581	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4229	Trust: 0.6
url:	https://packetstormsecurity.com/files/165002/red-hat-security-advisory-2021-4032-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/165099/red-hat-security-advisory-2021-4848-07.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161450/openssl-toolkit-1.1.1j.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0670	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0992	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841-2/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6490371	Trust: 0.6
url:	https://packetstormsecurity.com/files/164489/red-hat-security-advisory-2021-3798-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2021-23839-cve-2021-23840-cve-2/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021102116	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-20838	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-14155	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20838	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14155	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16135	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-3200	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5827	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20673	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-27645	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-33574	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-13435	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-5827	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-24370	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-13751	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-19603	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-35942	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-17594	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24370	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-3572	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12762	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-36086	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-3778	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13750	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13751	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-22898	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12762	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-16135	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-36084	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-3800	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17594	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-36087	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-3445	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13435	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19603	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-22925	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2018-20673	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18218	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-20232	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-20266	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-22876	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-20231	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-36085	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-33560	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-17595	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-28153	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-13750	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-3426	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-18218	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-3580	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-3796	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17595	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23840	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-14145	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14145	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-42574	Trust: 0.3
url:	https://issues.jboss.org/):	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-25013	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25012	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35522	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35524	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25013	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25009	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-43527	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25014	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25012	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35521	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-17541	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36331	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3712	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-31535	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36330	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36332	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25010	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-17541	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25014	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3481	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25009	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25010	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35523	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22876	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20231	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22925	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22898	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20266	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20232	Trust: 0.2
url:	https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html	Trust: 0.2
url:	https://access.redhat.com/security/vulnerabilities/rhsb-2021-009	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35522	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37136	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44228	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35523	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5128	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37137	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21409	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36330	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35521	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4198	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3798	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36385	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33938	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5038	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33930	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-43267	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33928	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37750	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22947	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22946	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20271	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3733	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3795	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36385	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20271	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20317	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20317	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22947	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23440	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33929	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22946	Trust: 0.1
url:	https://usn.ubuntu.com/4745-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23133	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3573	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26141	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27777	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26147	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14615	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36386	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29650	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24587	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26144	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29155	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33033	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3487	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-0427	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36312	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31829	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10001	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31440	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26145	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3564	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10001	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35448	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3489	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24503	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28971	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26146	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26139	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3679	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24588	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36158	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24504	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33194	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3348	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24503	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20284	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29646	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0427	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14615	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24502	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-0129	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3635	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26143	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29368	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20194	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3659	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33200	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29660	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26140	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3600	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20239	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24502	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3732	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28950	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4627	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31916	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23369	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23383	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23369	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27645	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28153	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23383	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26691	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13950	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26690	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17567	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35452	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-26691	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-26690	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4614	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17567	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13950	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35452	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3712	Trust: 0.1

CREDITS

Red Hat

Trust: 1.3

sources: PACKETSTORM: 165286 // PACKETSTORM: 164890 // PACKETSTORM: 164489 // PACKETSTORM: 165209 // PACKETSTORM: 164967 // PACKETSTORM: 165002 // PACKETSTORM: 164927 // CNNVD: CNNVD-202102-1200

SOURCES

db:	VULHUB	id:	VHN-382524
db:	PACKETSTORM	id:	165286
db:	PACKETSTORM	id:	164890
db:	PACKETSTORM	id:	164489
db:	PACKETSTORM	id:	165209
db:	PACKETSTORM	id:	161525
db:	PACKETSTORM	id:	164967
db:	PACKETSTORM	id:	165002
db:	PACKETSTORM	id:	164927
db:	CNNVD	id:	CNNVD-202102-1200
db:	JVNDB	id:	JVNDB-2021-001396
db:	NVD	id:	CVE-2021-23841

LAST UPDATE DATE

2025-12-22T22:38:54.865000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-382524	date:	2023-01-09T00:00:00
db:	CNNVD	id:	CNNVD-202102-1200	date:	2022-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-001396	date:	2023-07-20T06:25:00
db:	NVD	id:	CVE-2021-23841	date:	2024-11-21T05:51:55.460

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-382524	date:	2021-02-16T00:00:00
db:	PACKETSTORM	id:	165286	date:	2021-12-15T15:20:33
db:	PACKETSTORM	id:	164890	date:	2021-11-10T17:13:18
db:	PACKETSTORM	id:	164489	date:	2021-10-13T14:47:32
db:	PACKETSTORM	id:	165209	date:	2021-12-09T14:50:37
db:	PACKETSTORM	id:	161525	date:	2021-02-24T14:50:51
db:	PACKETSTORM	id:	164967	date:	2021-11-15T17:25:56
db:	PACKETSTORM	id:	165002	date:	2021-11-17T15:25:40
db:	PACKETSTORM	id:	164927	date:	2021-11-11T14:53:11
db:	CNNVD	id:	CNNVD-202102-1200	date:	2021-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-001396	date:	2021-05-14T00:00:00
db:	NVD	id:	CVE-2021-23841	date:	2021-02-16T17:15:13.377