Lucene search

[email protected]NVD:CVE-2021-23337

HistoryFeb 15, 2021 - 1:15 p.m.

CVE-2021-23337

2021-02-1513:15:12

CWE-94

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

78.7%

JSON

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Affected configurations

NVD

Node

lodashlodashRange<4.17.21node.js

Node

oraclebanking_corporate_lending_process_managementMatch14.2.0

oraclebanking_corporate_lending_process_managementMatch14.3.0

oraclebanking_corporate_lending_process_managementMatch14.5.0

oraclebanking_credit_facilities_process_managementMatch14.2.0

oraclebanking_credit_facilities_process_managementMatch14.3.0

oraclebanking_credit_facilities_process_managementMatch14.5.0

oraclebanking_extensibility_workbenchMatch14.2.0

oraclebanking_extensibility_workbenchMatch14.3.0

oraclebanking_extensibility_workbenchMatch14.5.0

oraclebanking_supply_chain_financeMatch14.2.0

oraclebanking_supply_chain_financeMatch14.3.0

oraclebanking_supply_chain_financeMatch14.5.0

oraclebanking_trade_finance_process_managementMatch14.2.0

oraclebanking_trade_finance_process_managementMatch14.3.0

oraclebanking_trade_finance_process_managementMatch14.5.0

oraclecommunications_cloud_native_core_binding_support_functionMatch1.9.0

oraclecommunications_cloud_native_core_policyMatch1.11.0

oraclecommunications_design_studioMatch7.4.2.0.0

oraclecommunications_services_gatekeeperMatch7.0

oraclecommunications_session_border_controllerMatch8.4

oraclecommunications_session_border_controllerMatch9.0

oracleenterprise_communications_brokerMatch3.2.0

oracleenterprise_communications_brokerMatch3.3.0

oraclefinancial_services_crime_and_compliance_management_studioMatch8.0.8.2.0

oraclefinancial_services_crime_and_compliance_management_studioMatch8.0.8.3.0

oraclehealth_sciences_data_management_workbenchMatch2.5.2.1

oraclehealth_sciences_data_management_workbenchMatch3.0.0.0

oraclejd_edwards_enterpriseone_toolsRange<9.2.6.1

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

oraclepeoplesoft_enterprise_peopletoolsMatch8.59

oracleprimavera_gatewayRange17.12.0–17.12.11

oracleprimavera_gatewayRange18.8.0–18.8.12

oracleprimavera_gatewayRange19.12.0–19.12.11

oracleprimavera_gatewayRange20.12.0–20.12.7

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch18.8

oracleprimavera_unifierMatch19.12

oracleprimavera_unifierMatch20.12

oracleretail_customer_management_and_segmentation_foundationMatch19.0

Node

netappactive_iq_unified_managerMatch-linux

netappactive_iq_unified_managerMatch-vmware_vsphere

netappactive_iq_unified_managerMatch-windows

netappcloud_managerMatch-

netappsystem_managerMatch9.0

Node

siemenssinec_insRange<1.0

siemenssinec_insMatch1.0-

siemenssinec_insMatch1.0sp1

References

cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851

security.netapp.com/advisory/ntap-20210312-0006/

snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932

snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929

snyk.io/vuln/SNYK-JS-LODASH-1040724

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

78.7%

JSON

Related for NVD:CVE-2021-23337

prion1 github2 veracode1 osv2 ubuntucve1 cvelist1 ibm44 nodejs1 redhatcve1 cve1 debiancve1 nessus7 redhat7 f51 ics1 oracle4