Vulnerability CVE-2021-32809 - CERT Civis.Net

Vulnerability Name:

CVE-2021-32809 (CCN-207429)

Assigned:

2021-08-12

Published:

2021-08-12

Updated:

2022-04-25

Summary:

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.

CVSS v3 Severity:

5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
4.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-32809

Source: CCN
Type: CKEditor Web site
CKEditor

Source: XF
Type: UNKNOWN
ckeditor-cve202132809-html-injection(207429)

Source: CCN
Type: CKEditor4 GIT Repository
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality

Source: CONFIRM
Type: Third Party Advisory
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-51457da891

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-72176a63a8

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-87578dca12

Source: CCN
Type: IBM Security Bulletin 6570957 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6852451 (Sterling B2B Integrator)
B2B API of IBM Sterling B2B Integrator vulnerable to multiple issues due to CKEditor

Source: CCN
Type: IBM Security Bulletin 6985607 (Engineering Workflow Management)
IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:ckeditor:ckeditor:*:*:*:*:*:node.js:*:* (Version >= 4.5.2 and < 4.16.2)

Configuration 2:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:oracle:application_express:*:*:*:*:*:*:*:* (Version < 21.1.4)

OR cpe:/a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:commerce_merchandising:11.3.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:documaker:12.6.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:documaker:12.6.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* (Version >= 8.0.7 and <= 8.1.1)

OR cpe:/a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* (Version < 9.2.6.0)

OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ckeditor:ckeditor:4.5.2:*:*:*:*:*:*:*

AND

cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*

OR cpe:/a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.1.1.0:*:*:*:standard:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.1.2.0:*:*:*:standard:*:*:*

Denotes that component is vulnerable