Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveApacheCVE-2021-33900
HistoryJul 26, 2021 - 7:15 a.m.

CVE-2021-33900

2021-07-2607:15:07
CWE-319
CWE-311
apache
web.nvd.nist.gov
53
cve-2021-33900
apache directory studio
starttls
sasl
encryption
confidentiality layer

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.6%

JSON

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.

Affected configurations

Nvd
Vulners
Node
apachedirectory_studioRange1.5.3
OR
apachedirectory_studioMatch2.0.0milestone1
OR
apachedirectory_studioMatch2.0.0milestone10
OR
apachedirectory_studioMatch2.0.0milestone11
OR
apachedirectory_studioMatch2.0.0milestone12
OR
apachedirectory_studioMatch2.0.0milestone13
OR
apachedirectory_studioMatch2.0.0milestone14
OR
apachedirectory_studioMatch2.0.0milestone15
OR
apachedirectory_studioMatch2.0.0milestone16
OR
apachedirectory_studioMatch2.0.0milestone2
OR
apachedirectory_studioMatch2.0.0milestone3
OR
apachedirectory_studioMatch2.0.0milestone4
OR
apachedirectory_studioMatch2.0.0milestone5
OR
apachedirectory_studioMatch2.0.0milestone6
OR
apachedirectory_studioMatch2.0.0milestone7
OR
apachedirectory_studioMatch2.0.0milestone8
OR
apachedirectory_studioMatch2.0.0milestone9
VendorProductVersionCPE
apachedirectory_studio*cpe:2.3:a:apache:directory_studio:*:*:*:*:*:*:*:*
apachedirectory_studio2.0.0cpe:2.3:a:apache:directory_studio:2.0.0:milestone1:*:*:*:*:*:*
apachedirectory_studio2.0.0cpe:2.3:a:apache:directory_studio:2.0.0:milestone10:*:*:*:*:*:*
apachedirectory_studio2.0.0cpe:2.3:a:apache:directory_studio:2.0.0:milestone11:*:*:*:*:*:*
apachedirectory_studio2.0.0cpe:2.3:a:apache:directory_studio:2.0.0:milestone12:*:*:*:*:*:*
apachedirectory_studio2.0.0cpe:2.3:a:apache:directory_studio:2.0.0:milestone13:*:*:*:*:*:*
apachedirectory_studio2.0.0cpe:2.3:a:apache:directory_studio:2.0.0:milestone14:*:*:*:*:*:*
apachedirectory_studio2.0.0cpe:2.3:a:apache:directory_studio:2.0.0:milestone15:*:*:*:*:*:*
apachedirectory_studio2.0.0cpe:2.3:a:apache:directory_studio:2.0.0:milestone16:*:*:*:*:*:*
apachedirectory_studio2.0.0cpe:2.3:a:apache:directory_studio:2.0.0:milestone2:*:*:*:*:*:*
Rows per page:
1-10 of 171

CNA Affected

[
  {
    "product": "Apache Directory Studio",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.0.0.v20210213-M16",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

github 1
veracode 1
nvd 1
cvelist 1
prion 1
osv 2
ubuntucve 1
github
github
Missing encryption in Apache Directory Studio
2021-08-09 20:40:53
veracode
veracode
Confidentiality Protection Bypass
2021-08-11 08:49:38
nvd
nvd
CVE-2021-33900
2021-07-26 07:15:07
cvelist
cvelist
CVE-2021-33900 StartTLS and SASL confidentiality protection bypass
2021-07-26 07:05:10
prion
prion
Authentication flaw
2021-07-26 07:15:00
osv
osv
Missing encryption in Apache Directory Studio
2021-08-09 20:40:53
CVE-2021-33900
2021-07-26 07:15:07
ubuntucve
ubuntucve
CVE-2021-33900
2021-07-26 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.6%

JSON
Related for CVE-2021-33900
github1veracode1nvd1cvelist1prion1osv2ubuntucve1