Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD504296C469FF402F73637F620D6BEA70BC5D37426BFD10EC06DDF72B6870292
HistoryDec 16, 2022 - 9:16 p.m.

Security Bulletin: IBM DataPower Gateway vulnerable to network state information leakage (CVE-2021-20322, CVE-2021-45485, CVE-2021-45486)

2022-12-1621:16:31
www.ibm.com
19
ibm datapower gateway
cve-2021-45485
cve-2021-45486
linux kernel
information leakage

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

68.1%

JSON

Summary

IBM has addressed the CVEs

Vulnerability Details

CVEID:CVE-2021-45485
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by improperly consider attacks from many IPv6 source addresses in net/ipv6/output_core.c in the IPv6 implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216133 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-45486
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by the use of small hash table in net/ipv4/route.c in the IPv4 implementation. By utilize cryptographic attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216134 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM DataPower Gateway 10.5.0 10.5.0.0 - 10.5.0.2

Remediation/Fixes

Affected Product Fixed in version APAR
IBM DataPower Gateway 10.5.0 10.5.0.3 IT42605

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmdatapower_gatewayMatch10.5.0
CPENameOperatorVersion
ibm datapower gatewayeq10.5.0

Related

ubuntucve 3
ibm 8
nvd 3
cve 3
veracode 2
redhatcve 3
broadcom 2
prion 3
cbl_mariner 5
debiancve 3
cvelist 3
nessus 71
openvas 42
githubexploit 1
redhat 15
photon 3
trellix 2
suse 7
osv 6
ubuntu 3
cloudfoundry 1
oraclelinux 3
rocky 2
amazon 2
almalinux 1
cloudlinux 2
ubuntucve
ubuntucve
CVE-2021-45485
2021-12-25 00:00:00
CVE-2021-45486
2021-12-25 00:00:00
CVE-2021-20322
2021-10-19 00:00:00
ibm
ibm
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
2022-08-29 11:21:56
Security Bulletin: IBM MQ Appliance is affected by kernel vulnerabilities (CVE-2021-45485, CVE-2021-45486 and CVE-2022-1012)
2023-02-10 11:46:53
Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
2023-03-29 01:48:02
nvd
nvd
CVE-2021-45485
2021-12-25 02:15:06
CVE-2021-20322
2022-02-18 18:15:09
CVE-2021-45486
2021-12-25 02:15:06
cve
cve
CVE-2021-45485
2021-12-25 02:15:06
CVE-2021-45486
2021-12-25 02:15:06
CVE-2021-20322
2022-02-18 18:15:09
veracode
veracode
Information Disclosure
2022-01-26 04:33:25
Denial Of Service (DoS)
2022-02-08 17:16:04
redhatcve
redhatcve
CVE-2021-45486
2022-01-12 23:23:40
CVE-2021-45485
2022-01-12 23:23:31
CVE-2021-20322
2021-10-18 11:13:53
broadcom
broadcom
net ipv4 route.c has an information leak because the hash table is very small
2023-08-01 00:00:00
net ipv6 output_core.c has an information leak because of certain use of a hash
2023-08-01 00:00:00
prion
prion
Information disclosure
2021-12-25 02:15:00
Design/Logic Flaw
2022-02-18 18:15:00
Information disclosure
2021-12-25 02:15:00
cbl_mariner
cbl_mariner
CVE-2021-45485 affecting package kernel 5.10.189.1-1
2022-01-26 22:54:05
CVE-2021-45485 affecting package kernel for versions less than 5.15.2.1-1
2022-04-09 06:52:47
CVE-2021-45486 affecting package kernel 5.10.189.1-1
2022-01-26 22:54:05
debiancve
debiancve
CVE-2021-20322
2022-02-18 18:15:09
CVE-2021-45485
2021-12-25 02:15:06
CVE-2021-45486
2021-12-25 02:15:06
cvelist
cvelist
CVE-2021-20322
2022-02-18 17:50:45
CVE-2021-45486
2021-12-25 01:04:27
CVE-2021-45485
2021-12-25 01:05:07
nessus
nessus
SUSE SLES12 Security Update : kernel (Live Patch 40 for SLE 12 SP3) (SUSE-SU-2021:4057-1)
2021-12-15 00:00:00
SUSE SLES15 Security Update : kernel (Live Patch 20 for SLE 15 SP2) (SUSE-SU-2021:4075-1)
2021-12-15 00:00:00
RHEL 8 : kernel-rt (RHSA-2022:6991)
2022-10-18 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:4057-1)
2021-12-15 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1328)
2022-03-21 00:00:00
openSUSE: Security Advisory for the (openSUSE-SU-2022:0169-1)
2022-02-08 00:00:00
githubexploit
githubexploit
Exploit for Use of a Broken or Risky Cryptographic Algorithm in Linux Linux Kernel
2022-04-28 07:38:04
redhat
redhat
(RHSA-2022:6983) Important: kernel security, bug fix, and enhancement update
2022-10-18 07:38:45
(RHSA-2022:6991) Important: kernel-rt security and bug fix update
2022-10-18 07:47:39
(RHSA-2022:4829) Important: kernel security, bug fix, and enhancement update
2022-05-31 10:00:13
photon
photon
Important Photon OS Security Update - PHSA-2022-0499
2022-07-23 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0336
2021-12-02 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0278
2021-08-01 00:00:00
trellix
trellix
The Bug Report November 2021 Edition
2021-11-30 00:00:00
The Bug Report November 2021 Edition
2021-11-30 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2022-01-25 00:00:00
Security update for the Linux Kernel (important)
2022-01-26 00:00:00
Security update for the Linux Kernel (important)
2021-12-06 00:00:00
osv
osv
linux, linux-aws, linux-aws-hwe, linux-azure, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2022-02-03 05:48:15
Important: kernel-rt security and bug fix update
2022-05-10 06:42:36
Important: kernel security, bug fix, and enhancement update
2022-05-10 08:11:36
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-02-03 00:00:00
Linux kernel vulnerabilities
2022-02-22 00:00:00
Linux kernel vulnerabilities
2022-04-01 00:00:00
cloudfoundry
cloudfoundry
USN-5268-1: Linux kernel vulnerabilities | Cloud Foundry
2022-03-10 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2022-04-05 00:00:00
kernel security, bug fix, and enhancement update
2022-05-17 00:00:00
Unbreakable Enterprise kernel security update
2022-10-04 00:00:00
rocky
rocky
kernel-rt security and bug fix update
2022-05-10 06:42:36
kernel security, bug fix, and enhancement update
2022-05-10 08:11:36
amazon
amazon
Important: kernel
2022-02-04 23:24:00
Important: kernel
2023-02-17 00:02:00
almalinux
almalinux
Important: kernel security, bug fix, and enhancement update
2022-05-10 08:11:36
cloudlinux
cloudlinux
kernel: Fix of 13 CVEs
2024-01-17 12:28:37
kernel: Fix of 13 CVEs
2024-01-17 12:32:48

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

68.1%

JSON
Related for D504296C469FF402F73637F620D6BEA70BC5D37426BFD10EC06DDF72B6870292
ubuntucve3ibm8nvd3cve3veracode2redhatcve3broadcom2prion3cbl_mariner5debiancve3cvelist3nessus71openvas42githubexploit1redhat15photon3trellix2suse7osv6ubuntu3cloudfoundry1oraclelinux3rocky2amazon2almalinux1cloudlinux2