CVE-2021-30129

Published Jul 12, 2021

Last updated a year ago

CVSS medium 6.5

Overview

Description: A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
Source: security@apache.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-772

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FAD7B00-AFF0-4312-834F-F6ED92252FD7",
            "versionEndExcluding": "2.7.0",
            "versionStartIncluding": "2.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "633E5B20-A7A7-4346-A71D-58121B006D00"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64750C01-21AC-4947-B674-6690EAAAC5DB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C3D0063-9458-4018-9B92-79A219716C10"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54BE0CCE-8216-4CCF-96E1-38EF76124368",
            "versionEndIncluding": "14.3.0",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "609645BF-B34F-40AC-B9C9-C3FB870F4ED2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCCFDDAC-CF84-4259-BA65-98DC5482A0A3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AB179A8-DFB7-4DCF-8DE3-096F376989F1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE9F9C25-7424-4EA5-84D4-880DE1FC56C8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "747C7295-8731-4C59-BC81-CE60C4028C23"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References