Vulnerability CVE-2021-32066

Vulnerability Name:

CVE-2021-32066 (CCN-206598)

Assigned:

2021-07-07

Published:

2021-07-07

Updated:

2023-04-30

Summary:

CVSS v3 Severity:

7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

7.4 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
6.4 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

7.8 High (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): None

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2021-32066

Source: XF
Type: UNKNOWN
ruby-cve202132066-sec-bypass(206598)

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Exploit, Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Ruby Web site
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP

Source: cve@mitre.org
Type: Vendor Advisory
cve@mitre.org

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:airbrake:airbrake_ruby:2.6.0:*:*:*:*:*:*:*

OR cpe:/a:airbrake:airbrake_ruby:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:airbrake:airbrake_ruby:3.0.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7660	P	libruby2_5-2_5-2.5.9-150000.4.26.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51988	P	Security update for python-py (Moderate)	2023-01-26
oval:org.opensuse.security:def:3070	P	freeradius-server-3.0.19-1.48 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3532	P	java-1_7_0-openjdk-1.7.0.231-43.27.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3715	P	libzypp-16.20.0-2.39.4 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94644	P	libinput-devel-1.19.4-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94700	P	libruby2_5-2_5-2.5.9-150000.4.23.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94018	P	(Important)	2022-05-03
oval:org.opensuse.security:def:119196	P	Security update for ruby2.5 (Important)	2022-05-03
oval:org.opensuse.security:def:94439	P	(Important)	2022-05-03
oval:org.opensuse.security:def:93132	P	(Important)	2022-05-03
oval:org.opensuse.security:def:118699	P	Security update for ruby2.5 (Important)	2022-05-03
oval:org.opensuse.security:def:93450	P	(Important)	2022-05-03
oval:org.opensuse.security:def:119386	P	Security update for ruby2.5 (Important)	2022-05-03
oval:org.opensuse.security:def:93804	P	(Important)	2022-05-03
oval:org.opensuse.security:def:118889	P	Security update for ruby2.5 (Important)	2022-05-03
oval:org.opensuse.security:def:94230	P	(Important)	2022-05-03
oval:org.opensuse.security:def:42180	P	Security update for ruby2.5 (Important)	2022-05-03
oval:org.opensuse.security:def:119571	P	Security update for ruby2.5 (Important)	2022-05-03
oval:org.opensuse.security:def:93292	P	(Important)	2022-05-03
oval:org.opensuse.security:def:878	P	Security update for ruby2.5 (Important)	2022-05-03
oval:org.opensuse.security:def:467	P	Security update for ruby2.5 (Important)	2022-05-03
oval:org.opensuse.security:def:119086	P	Security update for ruby2.5 (Important)	2022-05-03
oval:org.opensuse.security:def:93604	P	(Important)	2022-05-03
oval:org.opensuse.security:def:101624	P	Security update for ruby2.5 (Important) (in QA)	2022-04-21
oval:org.opensuse.security:def:99766	P	(Moderate)	2022-03-24
oval:com.redhat.rhsa:def:20220672	P	RHSA-2022:0672: ruby:2.5 security update (Moderate)	2022-02-24
oval:com.redhat.rhsa:def:20220543	P	RHSA-2022:0543: ruby:2.6 security update (Important)	2022-02-16
oval:org.opensuse.security:def:112818	P	libruby3_0-3_0-3.0.2-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112815	P	libruby2_7-2_7-2.7.4-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:100077	P	(Moderate)	2022-01-11
oval:org.opensuse.security:def:99173	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:111147	P	Security update for ruby2.5 (Important)	2021-12-06
oval:org.opensuse.security:def:32229	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:60422	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:99368	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:24000	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:56098	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:87515	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:93430	P	(Important)	2021-12-01
oval:org.opensuse.security:def:106058	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:73926	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:83362	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:9062	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:92223	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:100020	P	(Important)	2021-12-01
oval:org.opensuse.security:def:34599	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:67332	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:101357	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:30275	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:58874	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:89482	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:93774	P	(Important)	2021-12-01
oval:org.opensuse.security:def:108023	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:85777	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:10177	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:126800	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:6243	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:70317	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:99162	P	(Important)	2021-12-01
oval:org.opensuse.security:def:33051	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:64621	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:99567	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:94200	P	(Important)	2021-12-01
oval:org.opensuse.security:def:26173	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:57136	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:88224	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:106257	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:76060	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:83482	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:42142	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:9423	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:92418	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:100356	P	(Important)	2021-12-01
oval:org.opensuse.security:def:69563	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:102164	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:31313	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:59569	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:98978	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:108830	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:55276	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:86175	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:93272	P	(Important)	2021-12-01
oval:org.opensuse.security:def:105668	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:10368	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:95451	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:814	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:127197	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:8676	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:70508	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:99434	P	(Important)	2021-12-01
oval:org.opensuse.security:def:33746	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:64804	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:29453	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:57534	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:88541	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:93586	P	(Important)	2021-12-01
oval:org.opensuse.security:def:106456	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:76400	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:84243	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:111804	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:9618	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:92617	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:100685	P	(Important)	2021-12-01
oval:org.opensuse.security:def:69758	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:5160	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:31711	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:59827	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:93988	P	(Important)	2021-12-01
oval:org.opensuse.security:def:23715	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:55978	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:86693	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:105863	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:73743	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:82660	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:8867	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:92028	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:99697	P	(Important)	2021-12-01
oval:org.opensuse.security:def:34004	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:66992	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:94411	P	(Important)	2021-12-01
oval:org.opensuse.security:def:30155	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:58052	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:89224	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:106743	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:51703	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:84701	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:93112	P	(Important)	2021-12-01
oval:org.opensuse.security:def:9817	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:92816	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:101545	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:125633	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:5903	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:69957	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:117537	P	Security update for ruby2.5 (Important)	2021-12-01
oval:com.redhat.rhsa:def:20213020	P	RHSA-2021:3020: ruby:2.7 security update (Important)	2021-08-05

BACK