ID

VAR-202107-0866


CVE

CVE-2021-33192


TITLE

Apache Jena Fuseki Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-49041 // CNNVD: CNNVD-202107-220

DESCRIPTION

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary JavaScript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive). Fuseki can be run as an operating system service, Java Web application (WAR file), and stand-alone server. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.79

sources: NVD: CVE-2021-33192 // JVNDB: JVNDB-2021-008891 // CNVD: CNVD-2021-49041 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-33192

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-49041

AFFECTED PRODUCTS

vendor: apache | model: jena fuseki | scope: lt | version: 4.1.0

Trust: 1.0

vendor: apache | model: jena fuseki | scope: gte | version: 2.0.0

Trust: 1.0

vendor: apache | model: jena fuseki | scope: eq | version: -

Trust: 0.8

vendor: apache | model: jena fuseki | scope: eq | version: 2.0.0 to 4.0.0

Trust: 0.8

vendor: apache | model: jena fuseki | scope: gte | version: 2.0.0,<=4.0.0

Trust: 0.6

sources: CNVD: CNVD-2021-49041 // JVNDB: JVNDB-2021-008891 // NVD: CVE-2021-33192

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33192
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-33192
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-49041
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-220
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-33192
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-33192
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-49041
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-33192
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2021-33192
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-49041 // VULMON: CVE-2021-33192 // JVNDB: JVNDB-2021-008891 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-220 // NVD: CVE-2021-33192

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008891 // NVD: CVE-2021-33192

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-220

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Display information UI XSS | url: https://lists.apache.org/thread/sq6q94q0prqwr9vdm2wptglcq1kv98k8

Trust: 0.8

title: Patch for Apache Jena Fuseki Cross-Site Scripting Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/277881

Trust: 0.6

title: Apache Jena Fuseki Fixes for cross-site scripting vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156138

Trust: 0.6

sources: CNVD: CNVD-2021-49041 // JVNDB: JVNDB-2021-008891 // CNNVD: CNNVD-202107-220

EXTERNAL IDS

db: NVD | id: CVE-2021-33192

Trust: 3.9

db: JVNDB | id: JVNDB-2021-008891

Trust: 0.8

db: CNVD | id: CNVD-2021-49041

Trust: 0.6

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP | id: SB2021091619

Trust: 0.6

db: CNNVD | id: CNNVD-202107-220

Trust: 0.6

db: VULMON | id: CVE-2021-33192

Trust: 0.1

sources: CNVD: CNVD-2021-49041 // VULMON: CVE-2021-33192 // JVNDB: JVNDB-2021-008891 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-220 // NVD: CVE-2021-33192

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-33192

Trust: 2.0

url:https://lists.apache.org/thread.html/r684d8943d755a96fe90f8cd8df196737b6bde3f2b74e15a9bd479975%40%3cusers.jena.apache.org%3e

Trust: 1.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091619

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-49041 // VULMON: CVE-2021-33192 // JVNDB: JVNDB-2021-008891 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-220 // NVD: CVE-2021-33192

SOURCES

db: CNVD | id: CNVD-2021-49041
db: VULMON | id: CVE-2021-33192
db: JVNDB | id: JVNDB-2021-008891
db: CNNVD | id: CNNVD-202104-975
db: CNNVD | id: CNNVD-202107-220
db: NVD | id: CVE-2021-33192

LAST UPDATE DATE

2024-08-14T13:02:52.664000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2021-49041 | date: 2021-07-10T00:00:00
db: VULMON | id: CVE-2021-33192 | date: 2021-07-08T00:00:00
db: JVNDB | id: JVNDB-2021-008891 | date: 2022-03-31T04:45:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-14T00:00:00
db: CNNVD | id: CNNVD-202107-220 | date: 2021-09-17T00:00:00
db: NVD | id: CVE-2021-33192 | date: 2021-07-08T17:27:00.447

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2021-49041 | date: 2021-07-10T00:00:00
db: VULMON | id: CVE-2021-33192 | date: 2021-07-05T00:00:00
db: JVNDB | id: JVNDB-2021-008891 | date: 2022-03-31T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-13T00:00:00
db: CNNVD | id: CNNVD-202107-220 | date: 2021-07-05T00:00:00
db: NVD | id: CVE-2021-33192 | date: 2021-07-05T10:15:08.457