Vulnerability Name: CVE-2021-29842 (CCN-205202)
Assigned: 2021-09-15
Published: 2021-09-15
Updated: 2021-09-27
Summary: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

CVSS v3 Severity:
5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): None
  Availability (A): None

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): None
  Availability (A): None

CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): High
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None

Vulnerability Type: CWE-307
Vulnerability Consequences: Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-29842

Source: XF
Type: UNKNOWN
ibm-websphere-cve202129842-info-disc(205202)

Source: XF
Type: VDB Entry, Vendor Advisory
ibm-websphere-cve202129842-info-disc (205202)

Source: CCN
Type: IBM Security Bulletin 6489485 (WebSphere Application Server Liberty)
WebSphere Application Server is vulnerable to Information Disclosure (CVE-2021-29842)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.ibm.com/support/pages/node/6489485

Source: CCN
Type: IBM Security Bulletin 6498143 (Liberty for Java)
Liberty for Java for IBM Cloud is vulnerable to Information Disclosure (CVE-2021-29842)

Source: CCN
Type: IBM Security Bulletin 6509700 (Compare and Comply)
WebSphere Application Server is vulnerable to Information Disclosure (CVE-2021-29842)

Source: CCN
Type: IBM Security Bulletin 6524332 (Speech to Text)
IBM WebSphere Application Server Vulnerability Affects Watson Speech Services

Source: CCN
Type: IBM Security Bulletin 6524930 (Spectrum Control)
Vulnerabilities in Node.js, IBM WebSphere Application Server Liberty, and OpenSSL affect IBM Spectrum Control

Source: CCN
Type: IBM Security Bulletin 6525722 (Tivoli Application Dependency Discovery Manager)
Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server & WAS Liberty is vulnerable to Information Exposure

Source: CCN
Type: IBM Security Bulletin 6525732 (NovaLink)
Novalink Vulnerability to allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. (CVE-2021-29842)

Source: CCN
Type: IBM Security Bulletin 6527792 (MQ)
The version of IBM WebSphere Liberty shipped with IBM MQ is vulnerable to multiple CVEs (CVE-2021-29842, CVE-2021-33517, CVE-2021-36090)

Source: CCN
Type: IBM Security Bulletin 6527976 (MessageSight)
A vulnerability in Liberty affects IBM WIoTP MessageGateway (CVE-2021-29842)

Source: CCN
Type: IBM Security Bulletin 6538414 (Tivoli Monitoring V6)
Multiple vulnerabilities affect IBM Tivoli Monitoring Installed WebSphere Application Server including Log4j

Source: CCN
Type: IBM Security Bulletin 6539506 (Cloud Transformation Advisor)
Multiple Security Vulnerabilities Affect IBM Cloud Transformation Advisor

Source: CCN
Type: IBM Security Bulletin 6541298 (Cloud Pak for Automation)
Multiple security vulnerabilities fixed in Cloud Pak for Automation components

Source: CCN
Type: IBM Security Bulletin 6561595 (Tivoli Netcool/Impact)
A vulnerability has been identified in IBM WebSphere Liberty shipped with IBM Tivoli Netcool Impact (CVE-2021-29842)

Source: CCN
Type: IBM Security Bulletin 6563313 (Copy Services Manager)
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

Source: CCN
Type: IBM Security Bulletin 6565303 (Transformation Extender Advanced)
IBM Transformation Extender Advanced is vulnerable to information exposure due to IBM WebSphere Application Server Liberty (CVE-2021-29842)

Source: CCN
Type: IBM Security Bulletin 6574485 (Cloud Private)
Security Vulnerabilities affect IBM Cloud Private - IBM WebSphere Application Server (CVE-2021-29842)

Source: CCN
Type: IBM Security Bulletin 6575543 (InfoSphere Information Server)
Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Source: CCN
Type: IBM Security Bulletin 6619069 (Intelligent Operations Center)
A vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM Intelligent Operations Center (CVE-2021-29842)

Vulnerable Configuration:

Configuration 1:
cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 7.0.0.0 and <= 7.0.0.45) OR
cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 8.0.0.0 and <= 8.0.0.15) OR
cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 8.5 and <= 8.5.5.20) OR
cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 9.0.0.0 and <= 9.0.5.9) OR
cpe:/a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:* (Version >= 17.0.0.3 and <= 21.0.0.9)

Configuration CCN 1:
cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* OR
cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*
AND
cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:transformation_extender:9.0:*:advanced:*:*:*:*:* OR
cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* OR
cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* OR
cpe:/a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:* OR
cpe:/a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:* OR
cpe:/a:ibm:messagesight:5.0.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:* OR
cpe:/a:ibm:spectrum_control:5.3.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_control:5.3.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_control:5.3.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_control:5.3.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:iot_messagesight:2.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:iot_messagesight:5.0.0.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:* OR
cpe:/a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_control:5.3.4:*:standard:*:*:*:*:* OR
cpe:/a:ibm:spectrum_control:5.3.5:*:standard:*:*:*:*:* OR
cpe:/a:ibm:spectrum_control:5.3.6:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_control:5.3.7:*:*:*:*:*:*:* OR
cpe:/a:ibm:mq:9.2.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_control:5.4.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*

ibm websphere application server *
ibm websphere application server *
ibm websphere application server *
ibm websphere application server *
ibm websphere application server *
ibm websphere application server 7.0
ibm websphere application server 8.0
ibm websphere application server 8.5
ibm websphere application server 9.0
ibm websphere application server 17.0.0.3
ibm tivoli netcool/impact 7.1.0
ibm transformation extender 9.0
ibm tivoli monitoring 6.3.0.7
ibm infosphere information server 11.7
ibm intelligent operations center 5.1.0
ibm intelligent operations center 5.1.0.2
ibm intelligent operations center 5.1.0.3
ibm intelligent operations center 5.1.0.4
ibm intelligent operations center 5.1.0.6
ibm messagesight 5.0.0.1
ibm mq 9.1.0
ibm spectrum control 5.3.1
ibm spectrum control 5.3.2
ibm spectrum control 5.3.3
ibm spectrum control 5.3.0.1
ibm iot messagesight 2.0
ibm iot messagesight 5.0.0.0
ibm tivoli application dependency discovery manager 7.3.0.3
ibm cloud private 3.2.1 cd
ibm intelligent operations center 5.2
ibm intelligent operations center 5.2.1
ibm cloud private 3.2.2 cd
ibm spectrum control 5.3.4
ibm spectrum control 5.3.5
ibm spectrum control 5.3.6
ibm spectrum control 5.3.7
ibm mq 9.2.0
ibm spectrum control 5.4.1
ibm cloud pak for automation 21.0.1
ibm cloud pak for automation 21.0.2 -