Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:2139
HistoryMay 26, 2021 - 9:45 p.m.

(RHSA-2021:2139) Critical: Red Hat Data Grid 8.2.0 security update

2021-05-2621:45:53
access.redhat.com
63

0.901 High

EPSS

Percentile

98.8%

JSON

Red Hat Data Grid is a distributed, in-memory data store.

This release of Red Hat Data Grid 8.2.0 serves as a replacement for Red Hat Data Grid 8.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • Infinispan: Authentication bypass on REST endpoints when using DIGEST authentication mechanism (CVE-2021-31917)

  • XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet (CVE-2021-21344)

  • XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345)

  • XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue (CVE-2021-21346)

  • XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347)

  • XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader (CVE-2021-21350)

  • Infinispan: Actions with effects should not be permitted via GET requests using REST API (CVE-2020-10771)

  • XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling (CVE-2020-26258)

  • XStream: arbitrary file deletion on the local host when unmarshalling (CVE-2020-26259)

  • netty: Information disclosure via the local system temporary directory (CVE-2021-21290)

  • netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)

  • XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream (CVE-2021-21341)

  • XStream: SSRF via crafted input stream (CVE-2021-21342)

  • XStream: arbitrary file deletion on the local host via crafted input stream (CVE-2021-21343)

  • XStream: ReDoS vulnerability (CVE-2021-21348)

  • XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349)

  • XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21351)

  • netty: Request smuggling via content-length header (CVE-2021-21409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 26
openvas 19
ibm 20
osv 19
debian 7
ubuntu 3
suse 5
amazon 2
mageia 2
redhat 16
oraclelinux 1
centos 1
fedora 3
nvd 11
cve 9
cvelist 8
prion 9
debiancve 4
ubuntucve 8
veracode 9
redos 1
githubexploit 3
redhatcve 4
nuclei 2
checkpoint_advisories 1
github 6
nessus
nessus
Debian DLA-2616-1 : libxstream-java security update
2021-04-05 00:00:00
openSUSE 15 Security Update : xstream (openSUSE-SU-2021:1840-1)
2021-07-16 00:00:00
openSUSE Security Update : xstream (openSUSE-2021-832)
2021-06-04 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:1840-1)
2021-06-09 00:00:00
Debian: Security Advisory (DLA-2616-1)
2021-04-04 00:00:00
Ubuntu: Security Advisory (USN-4943-1)
2021-05-12 00:00:00
ibm
ibm
Security Bulletin: XStream (Publicly disclosed vulnerability)
2021-08-23 05:52:50
Security Bulletin: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating
2021-04-13 21:10:50
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in XStream
2021-07-08 19:08:29
osv
osv
libxstream-java - security update
2021-04-03 00:00:00
libxstream-java vulnerabilities
2021-05-11 09:41:13
libxstream-java - security update
2020-12-31 00:00:00
debian
debian
[SECURITY] [DLA 2616-1] libxstream-java security update
2021-04-03 19:56:11
[SECURITY] [DLA 2507-1] libxstream-java security update
2020-12-31 15:08:44
[SECURITY] [DSA 4828-1] libxstream-java security update
2021-01-07 22:52:08
ubuntu
ubuntu
XStream vulnerabilities
2021-05-11 00:00:00
XStream vulnerabilities
2021-01-28 00:00:00
Netty vulnerabilities
2023-04-28 00:00:00
suse
suse
Security update for xstream (important)
2021-06-04 00:00:00
Security update for xstream (important)
2021-07-11 00:00:00
Security update for xstream (important)
2021-01-22 00:00:00
amazon
amazon
Important: xstream
2021-05-20 17:10:00
Important: xstream
2023-04-27 18:37:00
mageia
mageia
Updated xstream packages fix security vulnerabilities
2021-07-25 17:45:06
Updated netty packages fix security vulnerabilities
2021-07-27 23:21:53
redhat
redhat
(RHSA-2021:2475) Moderate: Red Hat Process Automation Manager 7.11.0 security update
2021-06-17 13:10:44
(RHSA-2021:2476) Moderate: Red Hat Decision Manager 7.11.0 security update
2021-06-17 13:10:59
(RHSA-2021:1354) Important: xstream security update
2021-04-26 05:03:43
oraclelinux
oraclelinux
xstream security update
2021-04-27 00:00:00
centos
centos
xstream security update
2021-04-29 17:56:41
fedora
fedora
[SECURITY] Fedora 34 Update: xstream-1.4.18-2.fc34
2021-10-12 23:45:05
[SECURITY] Fedora 35 Update: xstream-1.4.18-2.fc35
2021-10-29 23:18:39
[SECURITY] Fedora 33 Update: xstream-1.4.18-2.fc33
2021-10-12 23:47:14
nvd
nvd
CVE-2021-21409
2021-03-30 15:15:14
CVE-2021-31917
2021-09-21 11:15:07
CVE-2020-10771
2021-06-02 12:15:07
cve
cve
CVE-2021-21409
2021-03-30 15:15:14
CVE-2021-31917
2021-09-21 11:15:07
CVE-2020-10771
2021-06-02 12:15:07
cvelist
cvelist
CVE-2021-21409 Possible request smuggling in HTTP/2 due missing validation of content-length
2021-03-30 15:05:17
CVE-2021-31917
2021-09-21 10:33:41
CVE-2020-10771
2021-06-02 11:02:53
prion
prion
Design/Logic Flaw
2021-03-30 15:15:00
Authentication flaw
2021-09-21 11:15:00
Cross site request forgery (csrf)
2021-06-02 12:15:00
debiancve
debiancve
CVE-2021-21409
2021-03-30 15:15:14
CVE-2020-26259
2020-12-16 01:15:12
CVE-2020-26258
2020-12-16 01:15:12
ubuntucve
ubuntucve
CVE-2021-21409
2021-03-30 00:00:00
CVE-2020-26259
2020-12-16 00:00:00
CVE-2020-26258
2020-12-16 00:00:00
veracode
veracode
HTTP Request Smuggling
2021-03-31 04:38:02
Remote Code Execution (RCE)
2020-12-17 03:43:07
Remote Code Execution (RCE)
2021-03-15 07:41:51
redos
redos
ROS-20220125-11
2022-01-25 00:00:00
githubexploit
githubexploit
Exploit for OS Command Injection in Xstream Project Xstream
2020-12-13 17:39:11
Exploit for Server-Side Request Forgery in Xstream Project Xstream
2021-01-22 08:44:24
Exploit for OS Command Injection in Xstream Project Xstream
2021-01-22 09:23:28
redhatcve
redhatcve
CVE-2021-31917
2021-05-26 21:12:45
CVE-2020-10771
2020-06-11 11:56:14
CVE-2021-21343
2021-03-24 14:53:49
nuclei
nuclei
XStream <1.4.15 - Server-Side Request Forgery
2023-03-12 03:38:05
XStream <1.4.16 - Remote Code Execution
2023-03-12 03:38:05
checkpoint_advisories
checkpoint_advisories
XStream Library Arbitrary File Deletion (CVE-2020-26259)
2021-04-27 00:00:00
github
github
Possible request smuggling in HTTP/2 due missing validation
2021-03-09 18:49:49
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
2021-03-22 23:28:13
XStream is vulnerable to a Remote Command Execution attack
2021-03-22 23:28:38

0.901 High

EPSS

Percentile

98.8%

JSON
Related for RHSA-2021:2139
nessus26openvas19ibm20osv19debian7ubuntu3suse5amazon2mageia2redhat16oraclelinux1centos1fedora3nvd11cve9cvelist8prion9debiancve4ubuntucve8veracode9redos1githubexploit3redhatcve4nuclei2checkpoint_advisories1github6