Lucene search
IBM4B7C962F5272FF9B529779F35477ED8321D9F5090995B61B40F379D6BCD0AD4DHistoryApr 22, 2022 - 8:33 p.m.
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Python (CVE-2021-3733)
2022-04-2220:33:13
www.ibm.com
47
0.003 Low
EPSS
Percentile
71.7%
Summary
Security Vulnerabilities affect IBM Cloud Private - Python
Vulnerability Details
CVEID:CVE-2021-3733
**DESCRIPTION:**Python is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the AbstractBasicAuthHandler class in urllib. By persuading a victim to visit a specially-crafted web site, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213034 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Private | 3.2.1 CD |
| IBM Cloud Private | 3.2.2 CD |
Remediation/Fixes
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages
- IBM Cloud Private 3.2.1
- IBM Cloud Private 3.2.2
For IBM Cloud Private 3.2.1, apply fix pack:
For IBM Cloud Private 3.2.2, apply fix pack:
For IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0
- Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2.
- If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance
Workarounds and Mitigations
None
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | cloud_private | 3.2.1 | cpe:2.3:a:ibm:cloud_private:3.2.1:*:*:*:*:*:*:* |
| ibm | cloud_private | 3.2.2 | cpe:2.3:a:ibm:cloud_private:3.2.2:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2021-3733
2022-03-10 17:42:59
redhatcve
redhatcve
CVE-2021-3733
2021-08-31 15:31:19
nessus
nessus
CentOS 8 : python3 (CESA-2021:4057)
2021-11-03 00:00:00
Oracle Linux 8 : python3 (ELSA-2021-4057)
2021-11-02 00:00:00
RHEL 8 : python3 (RHSA-2021:4057)
2021-11-02 00:00:00
almalinux
almalinux
Moderate: python3 security update
2021-11-02 07:48:14
Moderate: python38:3.8 and python38-devel:3.8 security update
2022-05-10 06:23:23
Moderate: python27:2.7 security update
2022-05-10 08:02:50
oraclelinux
oraclelinux
python3 security update
2021-11-02 00:00:00
python38:3.8 and python38-devel:3.8 security update
2022-05-17 00:00:00
python27:2.7 security update
2022-05-17 00:00:00
cve
cve
CVE-2021-3733
2022-03-10 17:42:59
veracode
veracode
Denial Of Service
2021-09-03 01:56:52
cbl_mariner
cbl_mariner
CVE-2021-3733 affecting package python2 2.7.18-9
2022-08-12 16:45:09
prion
prion
Authentication flaw
2022-03-10 17:42:00
ibm
ibm
redhat
redhat
(RHSA-2021:4057) Moderate: python3 security update
2021-11-02 07:48:14
ubuntucve
ubuntucve
CVE-2021-3733
2021-09-02 00:00:00
debiancve
debiancve
CVE-2021-3733
2022-03-10 17:42:59
cvelist
cvelist
CVE-2021-3733
2022-03-07 00:00:00
osv
osv
CVE-2021-3733: ReDoS in urllib.request
2022-03-07 00:00:00
CVE-2021-3733
2022-03-10 17:42:59
BIT-python-2021-3733
2024-03-06 11:06:14
openvas
openvas
Fedora: Security Advisory for python2.7 (FEDORA-2021-34760089da)
2021-10-02 00:00:00
Mageia: Security Advisory (MGASA-2021-0457)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2022-1385)
2022-04-13 00:00:00
suse
suse
Security update for python (moderate)
2021-10-20 00:00:00
Security update for python (moderate)
2021-10-31 00:00:00
Security update for python39 (moderate)
2022-05-02 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: python2.7-2.7.18-15.fc35
2021-09-24 20:59:13
[SECURITY] Fedora 34 Update: mingw-python3-3.9.4-3.fc34
2021-09-30 01:15:07
[SECURITY] Fedora 33 Update: python2.7-2.7.18-15.fc33
2021-09-29 01:10:06
mageia
mageia
Updated python packages fix security vulnerability
2021-10-02 21:57:04
Updated python3 packages fix security vulnerability
2021-09-23 07:49:29
ubuntu
ubuntu
Python vulnerabilities
2021-09-16 00:00:00
Python vulnerabilities
2021-12-17 00:00:00
Python vulnerabilities
2021-12-17 00:00:00
cloudfoundry
cloudfoundry
USN-5199-1: Python vulnerabilities | Cloud Foundry
2022-03-08 00:00:00
debian
debian
[SECURITY] [DLA 2808-1] python3.5 security update
2021-11-05 09:21:01
[SECURITY] [DLA 3477-1] python3.7 security update
2023-06-30 20:52:04
[SECURITY] [DLA 3432-1] python2.7 security update
2023-05-24 17:31:47
rocky
rocky
python38:3.8 and python38-devel:3.8 security update
2022-05-10 06:23:23
python27:2.7 security update
2022-05-10 08:02:50
python39:3.9 and python39-devel:3.9 security update
2021-11-09 08:26:25
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0433
2022-08-11 00:00:00
amazon
amazon
Medium: python
2022-05-31 23:50:00
Medium: python27
2022-05-31 23:47:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
avleonov
avleonov
0.003 Low
EPSS
Percentile
71.7%
Related for 4B7C962F5272FF9B529779F35477ED8321D9F5090995B61B40F379D6BCD0AD4D