Vulnerability CVE-2021-3426

Vulnerability Name:

CVE-2021-3426 (CCN-201171)

Assigned:

2021-03-10

Published:

2021-03-10

Updated:

2023-06-30

Summary:

CVSS v3 Severity:

5.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
5.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
5.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.7 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
5.0 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.7 Low (CVSS v2 Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:A/AC:L/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-3426

Source: CCN
Type: Python Issue31128
Allow pydoc to run with an arbitrary hostname

Source: CCN
Type: Red Hat Bugzilla Bug 1935913
(CVE-2021-3426) - CVE-2021-3426 python: information disclosure via pydoc

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
python-pydoc-cve20213426-info-disc(201171)

Source: CCN
Type: Python GIT Repository
Allow pydoc to bind to arbitrary hostnames (#3011)

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin 6525030 (Spectrum Protect Plus)
Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:python:python:3.7:*:*:*:*:*:*:*

AND

cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8061	P	python3-tools-3.6.15-150300.10.45.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7654	P	libpython3_6m1_0-3.6.15-150300.10.45.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:695	P	Security update for rsync (Important)	2022-08-16
oval:org.opensuse.security:def:3547	P	libIlmImf-Imf_2_1-21-2.1.0-6.13.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3426	P	ant-1.9.4-3.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3596	P	libgcrypt20-1.6.1-16.68.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3736	P	pam-modules-12.1-23.12 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3404	P	xinetd-2.3.15-8.8.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3065	P	expat-2.1.0-21.9.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94936	P	libcdio16-0.94-6.9.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94516	P	ceph-common-16.2.7.654+gd5a90ff46f0-150400.1.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94695	P	libpython3_6m1_0-3.6.15-150300.10.21.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94659	P	libmariadb3-3.1.13-3.30.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95056	P	python3-tools-3.6.15-150300.10.21.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94884	P	PackageKit-1.2.4-150400.1.11 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:189	P	libpython3_9-1_0-3.9.4-2.9 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:95231	P	Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (Important)	2022-05-16
oval:org.opensuse.security:def:4596	P	Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) (Important)	2022-05-09
oval:org.opensuse.security:def:101597	P	Security update for firewalld, golang-github-prometheus-prometheus (Important)	2022-04-27
oval:org.opensuse.security:def:101649	P	Security update for wpa_supplicant (Important)	2022-03-04
oval:org.opensuse.security:def:100089	P	(Important)	2022-03-04
oval:org.opensuse.security:def:6008	P	Security update for python-numpy (Moderate)	2022-01-18
oval:org.opensuse.security:def:113312	P	python38-3.8.12-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113316	P	python39-3.9.7-2.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113241	P	python310-3.10.0rc1-4.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113244	P	python36-3.6.15-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:69969	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:105875	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:9436	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:99380	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:92235	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:106755	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:10380	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:8689	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:4527	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:108315	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:70330	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:106070	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:9630	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:99579	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:74684	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:92430	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:69576	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:8879	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:65616	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:98990	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:70520	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:106269	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:9829	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:99778	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:92629	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:69770	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:105680	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:9074	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:99185	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:92040	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:106468	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:10190	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:117829	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:92828	P	Security update for python3 (Moderate)	2021-12-23
oval:org.opensuse.security:def:100366	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:65685	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:93592	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:76425	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:67357	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:99443	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:94420	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:93118	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:835	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:100697	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:111838	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:93783	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:101823	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:99706	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:93279	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:1145	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:93998	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:100032	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:93436	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:73947	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:101566	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:99173	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:6268	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:64825	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:94209	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:74753	P	Security update for python3 (Moderate)	2021-12-16
oval:org.opensuse.security:def:101944	P	Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:4547	P	Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP5) (Important)	2021-12-14
oval:org.opensuse.security:def:73758	P	Security update for python3 (Moderate)	2021-12-13
oval:org.opensuse.security:def:117552	P	Security update for python3 (Moderate)	2021-12-13
oval:org.opensuse.security:def:5919	P	Security update for python3 (Moderate)	2021-12-13
oval:org.opensuse.security:def:64636	P	Security update for python3 (Moderate)	2021-12-13
oval:org.opensuse.security:def:101372	P	Security update for python3 (Moderate)	2021-12-13
oval:org.opensuse.security:def:76076	P	Security update for python3 (Moderate)	2021-12-13
oval:org.opensuse.security:def:67008	P	Security update for python3 (Moderate)	2021-12-13
oval:org.opensuse.security:def:102180	P	Security update for python3 (Moderate)	2021-12-13
oval:org.opensuse.security:def:95467	P	Security update for python3 (Moderate)	2021-12-13
oval:org.opensuse.security:def:42151	P	Security update for python3 (Moderate)	2021-12-13
oval:org.opensuse.security:def:108038	P	Security update for python3 (Moderate)	2021-12-13
oval:org.opensuse.security:def:108846	P	Security update for python3 (Moderate)	2021-12-13
oval:org.opensuse.security:def:42249	P	Security update for python3 (Moderate)	2021-12-13
oval:com.redhat.rhsa:def:20214399	P	RHSA-2021:4399: python3 security update (Moderate)	2021-11-09
oval:com.redhat.rhsa:def:20214160	P	RHSA-2021:4160: python39:3.9 and python39-devel:3.9 security update (Moderate)	2021-11-09
oval:com.redhat.rhsa:def:20214162	P	RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate)	2021-11-09
oval:org.opensuse.security:def:106726	P	Security update for python-Pygments (Important)	2021-10-20
oval:org.opensuse.security:def:60395	P	Security update for python36 (Moderate)	2021-10-20
oval:org.opensuse.security:def:34572	P	Security update for python36 (Moderate)	2021-10-20
oval:org.opensuse.security:def:106722	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:87484	P	Security update for python36 (Moderate)	2021-10-09
oval:org.opensuse.security:def:33020	P	Security update for python36 (Moderate)	2021-10-09
oval:org.opensuse.security:def:58843	P	Security update for python36 (Moderate)	2021-10-09
oval:org.opensuse.security:def:106656	P	python310-3.10.0rc1-4.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106657	P	python36-3.6.15-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:4475	P	Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP5) (Important)	2021-08-17
oval:org.opensuse.security:def:1118	P	Security update for rpm (Important)	2021-08-12
oval:org.opensuse.security:def:101229	P	perl-MIME-Charset-1.012.2-1.24 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71948	P	libpython3_9-1_0-3.9.4-2.9 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62207	P	libpython3_9-1_0-3.9.4-2.9 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1953	P	python39-tools-3.9.4-2.9 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100965	P	libpython3_9-1_0-3.9.4-2.9 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72761	P	python39-tools-3.9.4-2.9 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63042	P	python39-tools-3.9.4-2.9 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:108263	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:73615	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:117410	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:5683	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:64493	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:96933	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:74632	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:101774	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:65564	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:75840	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:66772	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:42067	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:107895	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:108610	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:73807	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:117777	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:64685	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:74704	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:65636	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:76165	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:67097	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:32912	P	Security update for python36 (Moderate)	2021-05-04
oval:org.opensuse.security:def:58735	P	Security update for python36 (Moderate)	2021-05-04
oval:org.opensuse.security:def:34425	P	Security update for python36 (Moderate)	2021-05-04
oval:org.opensuse.security:def:60248	P	Security update for python36 (Moderate)	2021-05-04
oval:org.opensuse.security:def:87376	P	Security update for python36 (Moderate)	2021-05-04

BACK