Vulnerability Name:

CVE-2020-27223 (CCN-197559)

Assigned:2020-10-19
Published:2021-02-26
Updated:2021-09-16
Summary:In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
CVSS v3 Severity:5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-400
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-27223

Source: CCN
Type: Bugzilla – Bug 571128
(CVE-2020-27223) - Jetty DOS vulnerability for Quoted Quality CSV headers

Source: CONFIRM
Type: Vendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128

Source: XF
Type: UNKNOWN
eclipse-cve202027223-dos(197559)

Source: CCN
Type: Jetty GIT Repository
DOS vulnerability for Quoted Quality CSV headers

Source: CONFIRM
Type: Third Party Advisory
https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7

Source: MLIST
Type: Mailing List, Third Party Advisory
[solr-issues] 20210407 [jira] [Created] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)

Source: MLIST
Type: Mailing List, Third Party Advisory
[solr-users] 20210310 Does CVE-2020-27223 impact Solr 8.6.1

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210307 [jira] [Updated] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-commits] 20210310 [zookeeper] branch branch-3.7.0 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[activemq-gitbox] 20210303 [GitHub] [activemq] ehossack-aws opened a new pull request #616: Upgrade to Jetty 9.4.38.v20210224

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-issues] 20210315 [jira] [Created] (SPARK-34752) Upgrade Jetty to 9.3.37 to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210315 [GitHub] [spark] HyukjinKwon closed pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[nifi-issues] 20210310 [jira] [Resolved] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-issues] 20210315 [jira] [Updated] (SPARK-34752) Upgrade Jetty to 9.3.37 to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr opened a new pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210316 [GitHub] [spark] xkrogen commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-dev] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223

Source: MISC
Type: Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1@%3Cdev.kafka.apache.org%3E

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg closed pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[nifi-issues] 20210310 [jira] [Commented] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg closed pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-issues] 20210315 [jira] [Updated] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[nifi-issues] 20210310 [jira] [Created] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210310 [GitHub] [zookeeper] asfgit closed pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-issues] 20210315 [jira] [Commented] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[karaf-user] 20210301 Re: Jetty security defect

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210302 [GitHub] [kafka] omkreddy closed pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-dev] 20210307 [jira] [Created] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-issues] 20210315 [jira] [Assigned] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[solr-issues] 20210813 [jira] [Resolved] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210310 [jira] [Resolved] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-commits] 20210308 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-commits] 20210308 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[lucene-dev] 20210310 Does CVE-2020-27223 impact Solr 8.6.1

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[solr-issues] 20210507 [jira] [Updated] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-commits] 20210310 [zookeeper] branch master updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210315 [GitHub] [spark] AmplabJenkins commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-commits] 20210302 [kafka] branch 2.8 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-dev] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210307 [jira] [Created] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[druid-commits] 20210302 [GitHub] [druid] a2l007 opened a new pull request #10937: Upgrade jetty to latest version

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-issues] 20210315 [jira] [Resolved] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210315 [GitHub] [spark] xkrogen opened a new pull request #31846: [SPARK-34752] Bump Jetty to 9.4.37 to address CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210302 [GitHub] [kafka] ableegoldman commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-commits] 20210310 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MISC
Type: Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614@%3Cdev.kafka.apache.org%3E

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on a change in pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[lucene-dev] 20210310 Re: Does CVE-2020-27223 impact Solr 8.6.1

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-commits] 20210302 [kafka] branch 2.6 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210315 [GitHub] [spark] HyukjinKwon commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on a change in pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[solr-issues] 20210623 [jira] [Updated] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210309 [GitHub] [zookeeper] arshadmohammad commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-commits] 20210302 [kafka] branch 2.7 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210401-0005/

Source: DEBIAN
Type: Third Party Advisory
DSA-4949

Source: CCN
Type: IBM Security Bulletin 6466729 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6469935 (UrbanCode Deploy)
CVE-2020-27223 when Jetty handles a request containing multiple Accept headers the server may enter a denial of service (DoS) state

Source: CCN
Type: IBM Security Bulletin 6471577 (Secure Proxy)
Multiple Vulnerabilities were detected in IBM Secure Proxy

Source: CCN
Type: IBM Security Bulletin 6471615 (Secure External Authentication Server)
Multiple Vulnerabilities were detected in IBM Secure External Authentication Server

Source: CCN
Type: IBM Security Bulletin 6472057 (Resilient OnPrem)
IBM Security SOAR is using a component with known vulnerabilities - Eclipse Jetty ( CVE-2021-28163, CVE-2021-28165, CVE-2020-27223)

Source: CCN
Type: IBM Security Bulletin 6574049 (Process Mining)
Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27223,CVE-2021-28169)

Source: CCN
Type: IBM Security Bulletin 6854577 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to multiple vulnerabilities due to Eclipse Jetty

Source: CCN
Type: IBM Security Bulletin 6983274 (Cognos Command Center)
IBM Cognos Command Center is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7001793 (App Connect Enterprise Toolkit)
Multiple vulnerabilities affect the IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2021
Oracle Critical Patch Update Advisory - April 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-27223

Vulnerable Configuration:Configuration 1:
  • cpe:/a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:*:*:*:*:*:*:*:* (Version >= 9.4.7 and < 9.4.36)
  • OR cpe:/a:eclipse:jetty:9.4.36:-:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:9.4.36:20210114:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:10.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:11.0.0:-:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:apache:nifi:1.13.0:-:*:*:*:*:*:*
  • OR cpe:/a:apache:spark:3.1.1:-:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* (Version >= 11.0.0 and <= 11.70.1)
  • OR cpe:/a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
  • OR cpe:/a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:hci:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
  • OR cpe:/a:netapp:snapmanager:-:*:*:*:*:sap:*:*
  • OR cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/a:apache:solr:8.8.1:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/a:oracle:rest_data_services:*:*:*:*:-:*:*:* (Version < 20.4.3.050.1904)

  • Configuration CCN 1:
  • cpe:/a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:9.4.36:20210114:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:10.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:11.0.0:-:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:cognos_analytics:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:6.2.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:7.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:7.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:7.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:6.2.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_proxy:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:6.2.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:7.0.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:7.1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:6.2.7.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:7.0.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:7.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:7.1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_proxy:3.4.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_proxy:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_external_authentication_server:2.4.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_external_authentication_server:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_external_authentication_server:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8024
    P
    jetty-http-9.4.48-150200.3.16.3 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:3395
    P
    vsftpd-3.0.2-40.11.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94954
    P
    libmicrohttpd-devel-0.9.57-1.33 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95025
    P
    jetty-http-9.4.43-3.12.2 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:102247
    P
    Security update for xen (Important)
    2022-02-04
    oval:org.opensuse.security:def:101667
    P
    Security update for ghostscript (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:112474
    P
    jetty-annotations-9.4.43-1.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:4545
    P
    Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP5) (Important)
    2021-12-14
    oval:org.opensuse.security:def:105971
    P
    jetty-annotations-9.4.43-1.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:101275
    P
    jetty-http-9.4.38-3.6.2 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:63017
    P
    jetty-http-9.4.38-3.6.2 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72736
    P
    jetty-http-9.4.38-3.6.2 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:1928
    P
    jetty-http-9.4.38-3.6.2 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:117847
    P
    Security update for jetty-minimal (Important)
    2021-03-24
    oval:org.opensuse.security:def:5986
    P
    Security update for jetty-minimal (Important)
    2021-03-24
    oval:org.opensuse.security:def:97338
    P
    Security update for jetty-minimal (Important)
    2021-03-24
    oval:org.opensuse.security:def:108913
    P
    Security update for jetty-minimal (Important)
    2021-03-24
    oval:org.opensuse.security:def:95534
    P
    Security update for jetty-minimal (Important)
    2021-03-24
    oval:org.opensuse.security:def:65634
    P
    Security update for jetty-minimal (Important)
    2021-03-24
    oval:org.opensuse.security:def:74702
    P
    Security update for jetty-minimal (Important)
    2021-03-24
    oval:org.opensuse.security:def:67075
    P
    Security update for jetty-minimal (Important)
    2021-03-24
    oval:org.opensuse.security:def:76143
    P
    Security update for jetty-minimal (Important)
    2021-03-24
    oval:org.opensuse.security:def:108333
    P
    Security update for jetty-minimal (Important)
    2021-03-24
    BACK
    eclipse jetty 9.4.6 20170531
    eclipse jetty 9.4.6 20180619
    eclipse jetty *
    eclipse jetty 9.4.36 -
    eclipse jetty 9.4.36 20210114
    eclipse jetty 10.0.0 -
    eclipse jetty 11.0.0 -
    apache nifi 1.13.0
    apache spark 3.1.1 -
    netapp e-series santricity os controller *
    netapp e-series santricity web services -
    netapp element plug-in for vcenter server -
    netapp hci -
    netapp hci management node -
    netapp management services for element software -
    netapp snap creator framework -
    netapp snapcenter -
    netapp snapmanager -
    netapp snapmanager -
    netapp solidfire -
    debian debian linux 10.0
    apache solr 8.8.1
    oracle rest data services *
    eclipse jetty 9.4.6 20170531
    eclipse jetty 9.4.36 20210114
    eclipse jetty 10.0.0 -
    eclipse jetty 11.0.0 -
    ibm cognos analytics 11.0
    ibm urbancode deploy 6.2.7.3
    ibm cognos command center 10.2.4.1
    ibm cognos analytics 11.1
    ibm urbancode deploy 7.0.3.0
    ibm urbancode deploy 7.0.4.0
    ibm urbancode deploy 7.1.0.0
    ibm urbancode deploy 6.2.7.4
    ibm secure proxy 6.0.1
    ibm urbancode deploy 6.2.7.8
    ibm urbancode deploy 7.0.5.3
    ibm urbancode deploy 7.1.1.0
    ibm urbancode deploy 6.2.7.9
    ibm urbancode deploy 7.0.5.4
    ibm urbancode deploy 7.1.1.1
    ibm urbancode deploy 7.1.1.2
    ibm secure proxy 3.4.3.2
    ibm secure proxy 6.0.2
    ibm secure external authentication server 2.4.3.2
    ibm secure external authentication server 6.0.1
    ibm secure external authentication server 6.0.2
    ibm security verify governance 10.0