Vulnerability CVE-2021-21409 - CERT Civis.Net

Vulnerability Name:

CVE-2021-21409 (CCN-199150)

Assigned:

2020-12-22

Published:

2021-03-30

Updated:

2022-05-12

Summary:

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-21409

Source: MISC
Type: Third Party Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295

Source: XF
Type: UNKNOWN
netty-cve202121409-request-smuggling(199150)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432

Source: CCN
Type: Netty GIT Repository
Possible request smuggling in HTTP/2 due missing validation of content-length

Source: CONFIRM
Type: Third Party Advisory
https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32

Source: MISC
Type: Third Party Advisory
https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60

Source: MLIST
Type: Mailing List, Third Party Advisory
[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx

Source: MLIST
Type: Mailing List, Third Party Advisory
[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx

Source: MLIST
Type: Mailing List, Third Party Advisory
[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Third Party Advisory
[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher

Source: MLIST
Type: Mailing List, Third Party Advisory
[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409

Source: MLIST
Type: Mailing List, Third Party Advisory
[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210604-0003/

Source: DEBIAN
Type: Third Party Advisory
DSA-4885

Source: CCN
Type: IBM Security Bulletin 6462247 (Tivoli Netcool/OMNIbus)
Multiple vulnerabilities have been identified in Netty shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409)

Source: CCN
Type: IBM Security Bulletin 6464809 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty

Source: CCN
Type: IBM Security Bulletin 6469413 (Watson Machine Learning on CP4D)
Netty Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-21409)

Source: CCN
Type: IBM Security Bulletin 6473077 (Spectrum Scale)
A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tier CVE-2021-21409

Source: CCN
Type: IBM Security Bulletin 6491163 (Planning Analytics)
IBM Planning Analytics Workspace is affected by security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6518930 (Netcool Agile Service Manager)
Vulnerabilities affect IBM Netcool Agile Service Manager

Source: CCN
Type: IBM Security Bulletin 6528214 (Cloud Pak for Multicloud Management)
IBM Cloud Pak for Multicloud Management Monitoring has patched several open source dependencies

Source: CCN
Type: IBM Security Bulletin 6538156 (Cloud Private)
Vulnerability in Netty affects IBM Cloud Private (CVE-2021-21409)

Source: CCN
Type: IBM Security Bulletin 6572999 (Security Guardium)
IBM Security Guardium is affected by a number of security vulnerabilities in Netty, which is used by Guardium (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, CVE-2021-37137)

Source: CCN
Type: IBM Security Bulletin 6582695 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6607599 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6830683 (Sterling B2B Integrator)
IBM Sterling B2B Integrator B2B API vulnerable to multiple issues due to Apache Zookeeper (CVE-2019-0201, CVE-2021-21409)

Source: CCN
Type: IBM Security Bulletin 6831007 (Sterling Order Management)
IBM Sterling Order Management Netty 4.1.34 vulnerablity

Source: CCN
Type: IBM Security Bulletin 6831813 (Netcool Operations Insight)
Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6967333 (QRadar SIEM)
IBM QRadar SIEM includes components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6980407 (Sterling Order Management)
Netty Vulnerabilites 4.0.37

Source: CCN
Type: IBM Security Bulletin 7001867 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: CCN
Type: Oracle CPUJul2021
Oracle Critical Patch Update Advisory - July 2021

Source: CCN
Type: Oracle CPUOct2021
Oracle Critical Patch Update Advisory - October 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-21409

Vulnerable Configuration:

Configuration 1:

cpe:/a:netty:netty:*:*:*:*:*:*:*:* (Version < 4.1.61)

Configuration 2:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 19.12.0 and <= 19.12.10)

OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 18.8.0 and <= 18.8.11)

OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 17.12.0 and <= 17.12.11)

OR cpe:/a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:helidon:1.4.10:*:*:*:*:*:*:*

OR cpe:/a:oracle:helidon:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* (Version < 9.2.6.3)

OR cpe:/a:oracle:nosql_database:*:*:*:*:*:*:*:* (Version < 21.1.12)

Configuration 5:

cpe:/a:quarkus:quarkus:*:*:*:*:*:*:*:* (Version <= 1.13.7)

Configuration CCN 1:

cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:1.1.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:netcool_agile_service_manager:1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*

OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.1.1.0:*:*:*:standard:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable