Skip to main content

Siebel Core Automation

6 CVEs product

Monthly

CVE-2021-34428 Maven LOW PATCH Monitor

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jetty Debian Linux Active Iq Unified Manager E Series Santricity Os Controller +12
NVD GitHub
CVSS 3.1
3.5
EPSS
1.0%
CVE-2021-28165 Maven HIGH POC PATCH THREAT This Week

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jetty Autovue For Agile Product Lifecycle Management Communications Cloud Native Core Policy Communications Element Manager +17
NVD GitHub
CVSS 3.1
7.5
EPSS
53.9%
CVE-2021-28164 Maven MEDIUM POC PATCH THREAT This Month

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jetty Cloud Manager E Series Performance Analyzer E Series Santricity Os Controller +13
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
82.4%
CVE-2021-28163 Maven LOW POC PATCH Monitor

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Jetty Fedora Ignite Solr +19
NVD GitHub
CVSS 3.1
2.7
EPSS
4.2%
CVE-2020-27218 Maven MEDIUM PATCH This Month

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Code Injection Jetty Oncommand System Manager Snap Creator Framework Blockchain Platform +13
NVD GitHub
CVSS 3.1
4.8
EPSS
8.1%
CVE-2020-27216 Maven HIGH POC PATCH This Week

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Jetty Snap Creator Framework Snapcenter Vasa Provider +14
NVD GitHub
CVSS 3.1
7.0
EPSS
4.3%
EPSS 1% CVSS 3.5
LOW PATCH Monitor

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jetty Debian Linux +14
NVD GitHub
EPSS 54% CVSS 7.5
HIGH POC PATCH THREAT This Week

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jetty Autovue For Agile Product Lifecycle Management +19
NVD GitHub
EPSS 82% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jetty Cloud Manager +15
NVD GitHub Exploit-DB
EPSS 4% CVSS 2.7
LOW POC PATCH Monitor

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Jetty Fedora +21
NVD GitHub
EPSS 8% CVSS 4.8
MEDIUM PATCH This Month

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Code Injection Jetty Oncommand System Manager +15
NVD GitHub
EPSS 4% CVSS 7.0
HIGH POC PATCH This Week

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Jetty Snap Creator Framework +16
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy