Vulnerability Name:

CVE-2021-39293 (CCN-220196)

Assigned: 2021-08-18
Published: 2021-08-18
Updated: 2023-04-20
Summary:
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2021-39293

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: XF
Type: UNKNOWN
golang-cve202139293-dos(220196)

Source: CCN
Type: Golang Web site
Golang Go

Source: cve@mitre.org
Type: Issue Tracking, Release Notes, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: CCN
Type: NetApp Advisory Number NTAP-20220217-0009
CVE-2021-39293 Golang Vulnerability in NetApp Products

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: IBM Security Bulletin 6590253 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2021-39293

Source: CCN
Type: IBM Security Bulletin 6602255 (MQ Operator CD release)
IBM MQ Operator and Queue manager container images are vulnerable to vulnerabilities from Golang Go and IBM WebSphere Application Server Liberty (CVE-2021-39293 and CVE-2021-39038)

Source: CCN
Type: IBM Security Bulletin 6606299 (Cloud Pak for Multicloud Management)
IBM Cloud Pak for Multicloud Management Monitoring has multiple vulnerabilities associated with the Go runtime (CVE-2021-29923, CVE-2021-31525, CVE-2021-33194, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198)

Source: CCN
Type: IBM Security Bulletin 6615221 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 6831813 (Netcool Operations Insight)
Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6956311 (Cloud Pak for Multicloud Management)
Multiple Vulnerabilities in Multicloud Management Security Services

Vulnerable Configuration:
  Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
  Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

  Configuration CCN 1:
  • cpe:/a:golang:go:1.16.0:-:*:*:*:*:*:*
  • OR cpe:/a:golang:go:1.17.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:app_connect_enterprise_certified_container:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.3:*:*:*:*:*:*:*

  * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:3387 | P | u-boot-rpi3-2019.01-3.7 on GA media (Moderate) | 2022-06-28
    oval:org.opensuse.security:def:95017 | P | go1.17-1.17.9-150000.1.31.1 on GA media (Moderate) | 2022-06-22
    oval:org.opensuse.security:def:94916 | P | ibus-1.5.25-150400.1.13 on GA media (Moderate) | 2022-06-22
    oval:com.redhat.rhsa:def:20221819 | P | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | 2022-05-10
    oval:org.opensuse.security:def:4578 | P | Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP5) (Important) | 2022-04-15
    oval:org.opensuse.security:def:101629 | P | Security update for xen (Important) | 2022-02-04
    oval:org.opensuse.security:def:112337 | P | go1.16-1.16.8-1.1 on GA media (Moderate) | 2022-01-17
    oval:org.opensuse.security:def:112339 | P | go1.17-1.17.1-1.1 on GA media (Moderate) | 2022-01-17
    oval:org.opensuse.security:def:105857 | P | Security update for MozillaFirefox (Important) | 2021-11-10
    oval:org.opensuse.security:def:105856 | P | Security update for binutils (Moderate) | 2021-11-09
    oval:org.opensuse.security:def:4507 | P | Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP5) (Important) | 2021-10-14
    oval:org.opensuse.security:def:111078 | P | Security update for go1.16 (Important) | 2021-10-11
    oval:org.opensuse.security:def:65596 | P | Security update for go1.16 (Important) | 2021-10-06
    oval:org.opensuse.security:def:101805 | P | Security update for go1.16 (Important) | 2021-10-06
    oval:org.opensuse.security:def:65667 | P | Security update for go1.16 (Important) | 2021-10-06
    oval:org.opensuse.security:def:74664 | P | Security update for go1.16 (Important) | 2021-10-06
    oval:org.opensuse.security:def:117809 | P | Security update for go1.16 (Important) | 2021-10-06
    oval:org.opensuse.security:def:108295 | P | Security update for go1.16 (Important) | 2021-10-06
    oval:org.opensuse.security:def:1127 | P | Security update for go1.16 (Important) | 2021-10-06
    oval:org.opensuse.security:def:74735 | P | Security update for go1.16 (Important) | 2021-10-06
    oval:org.opensuse.security:def:111733 | P | Security update for go1.16 (Important) | 2021-10-06
    golang go 1.16.0 -
    golang go 1.17.0
    ibm app connect enterprise certified container 1.1.0
    ibm app connect enterprise certified container 4.1
    ibm robotic process automation for cloud pak 21.0.1
    ibm robotic process automation for cloud pak 21.0.2
    ibm robotic process automation for cloud pak 21.0.3