| Vulnerability Name: | CVE-2021-33813 (CCN-203804) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2021-06-08 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Published: | 2021-06-08 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Updated: | 2023-02-28 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Summary: | JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to cause the a denial of service. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:R)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-33813 Source: CCN Type: JDOM Web site JDOM Source: CCN Type: Aleph Research Advisory 2021003 XXE in JDOM library - Java Source: cve@mitre.org Type: Exploit, Third Party Advisory cve@mitre.org Source: XF Type: UNKNOWN jdom-cve202133813-dos(203804) Source: cve@mitre.org Type: Patch, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Release Notes, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: CCN Type: IBM Security Bulletin 6540600 (Data Risk Manager) IBM Data Risk Manager is affected by multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 6574453 (QRadar SIEM) IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-22345, CVE-2020-8022, CVE-2021-33813, CVE-2020-9488) Source: CCN Type: IBM Security Bulletin 6590297 (Sterling Control Center) IBM Sterling Control Center is vulnerable to a denial of service due to JDOM (CVE-2021-33813) Source: CCN Type: IBM Security Bulletin 6595755 (Disconnected Log Collector) IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities Source: CCN Type: IBM Security Bulletin 6596019 (Curam Social Program Management) Curam Social Program Management may be affected by Denial of Service vulnerability in JDOM (CVE-2021-33813) Source: CCN Type: IBM Security Bulletin 6601529 (Tivoli Netcool/Impact) A security vulnerability has been identified in JDOM shipped with IBM Tivoli Netcool Impact (CVE-2021-33813) Source: CCN Type: IBM Security Bulletin 6607163 (Maximo Asset Management) IBM Maximo Asset Management, IBM Maximo Manage in IBM Maximo Application Suite and IBM Maximo Manage in IBM Maximo Application Suite as a Service may be affected by XML External Entity (XXE) attacks (CVE-2021-33813) Source: CCN Type: IBM Security Bulletin 6829353 (InfoSphere Information Server) A vulnerability in JDOM affects IBM InfoSphere Information Server Source: CCN Type: Oracle CPUApr2022 Oracle Critical Patch Update Advisory - April 2022 Source: cve@mitre.org Type: Patch, Third Party Advisory cve@mitre.org Source: CCN Type: Oracle CPUJul2022 Oracle Critical Patch Update Advisory - July 2022 Source: cve@mitre.org Type: Not Applicable cve@mitre.org | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||