Vulnerability CVE-2021-32808 - CERT Civis.Net

Vulnerability Name:

CVE-2021-32808 (CCN-207430)

Assigned:

2021-08-12

Published:

2021-08-12

Updated:

2022-02-28

Summary:

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.

CVSS v3 Severity:

5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

7.6 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Cross-Site Scripting

References:

Source: MITRE
Type: CNA
CVE-2021-32808

Source: CCN
Type: CKEditor Web site
CKEditor

Source: XF
Type: UNKNOWN
ckeditor-cve202132808-xss(207430)

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/ckeditor/ckeditor4/releases/tag/4.16.2

Source: CCN
Type: CKEditor4 GIT Repository
Widget feature vulnerability allowing to execute JavaScript code using undo functionality

Source: CONFIRM
Type: Third Party Advisory
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-51457da891

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-72176a63a8

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-87578dca12

Source: CCN
Type: IBM Security Bulletin 6570957 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6852451 (Sterling B2B Integrator)
B2B API of IBM Sterling B2B Integrator vulnerable to multiple issues due to CKEditor

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:ckeditor:ckeditor:*:*:*:*:*:node.js:*:* (Version >= 4.13.0 and < 4.16.2)

Configuration 2:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:oracle:application_express:*:*:*:*:*:*:*:* (Version < 21.1.4)

OR cpe:/a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:commerce_merchandising:11.3.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:documaker:12.6.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:documaker:12.6.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* (Version >= 8.0.7 and <= 8.1.1)

OR cpe:/a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* (Version <= 9.2.6.0)

OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*

OR cpe:/a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* (Version <= 21.9)

OR cpe:/a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ckeditor:ckeditor:4.13.0:*:*:*:*:node.js:*:*

AND

cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.1.1.0:*:*:*:standard:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.1.2.0:*:*:*:standard:*:*:*

Denotes that component is vulnerable