Home » Vulnerable Apache Commons: Vulnerability permits data disclosure

Vulnerable Apache Commons: Vulnerability permits data disclosure

by admin
Vulnerable Apache Commons: Vulnerability permits data disclosure

A safety alert issued for Apache Commons has acquired an replace from BSI. You can examine which working programs and merchandise are affected by the safety hole right here at information.de.

Federal workplace for Security in Information Technology (BSI) revealed an replace on May 16, 2024 for the Apache Commons safety vulnerability recognized on April 12, 2021. The safety vulnerability impacts Linux, UNIX and Windows working programs and Debian Linux merchandise , Amazon Linux 2, Red Hat Enterprise Linux, Ubuntu Linux, SUSE Linux, Hitachi Ops Center and Apache Commons.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: IBM Security Bulletin 7153639 (From 17 May 2024). Some helpful hyperlinks are listed later on this article.

Apache Commons Security Advisory – Risk: Medium

Risk stage: 2 (average)
CVSS Base Score: 6.5
CVSS provisional rating: 5,7
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop programs. The CVSS commonplace makes it potential to match potential or precise safety dangers based mostly on varied metrics as a way to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For short-term impact, body circumstances that will change over time are thought-about within the take a look at. According to the CVSS, the chance of the present vulnerability is assessed as “average” with 6.5 foundation factors.

See also  Govee Neon Rope Light 2 in the test, excellent smart lighting!

Apache Commons Bug: Vulnerability permits data disclosure

Apache Commons is an Apache mission that covers all points of reusable Java elements.

A distant, unknown attacker may exploit a vulnerability in Apache Commons to show data.

Vulnerabilities are recognized by a singular CVE (Common Vulnerabilities and Exposures) serial quantity. CVE-2021-29425 on the market.

Systems affected by the safety hole at a look

Operating programs
Linux, UNIX, Windows

Products
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Hitachi Ops Center (cpe:/a:hitachi:ops_center)
Apache Commons

General suggestions for coping with IT vulnerabilities

  1. Users of affected programs ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by creating a patch or workaround. If safety patches can be found, set up them instantly.
  2. For data, see the sources listed within the subsequent part. This usually accommodates further details about the newest model of the software program in query and the provision of safety patches or efficiency suggestions.
  3. If you have got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to test each time a producing firm makes a brand new safety replace obtainable.

Manufacturer details about updates, patches and workarounds

Here you will see that some hyperlinks with details about bug reviews, safety fixes and workarounds.

IBM Security Bulletin 7153639 vom 2024-05-17 (16.05.2024)
For extra data, see:

Amazon Linux Security Advisory ALAS2-2023-2059 vom 2023-06-05 (05.06.2023)
For extra data, see:

Red Hat Security Advisory RHSA-2022:1110 vom 2022-03-29 (29.03.2022)
For extra data, see:

See also  Esquire International Chinese Edition Esquire Magazine - Anniversary Watch! Which of the six major brands, including Grand Seiko, TAG Heuer Carrera, and Citizen radio-controlled timepieces, makes your heart beat?

Red Hat Security Advisory RHSA-2022:1108 vom 2022-03-29 (29.03.2022)
For extra data, see:

Red Hat Security Advisory RHSA-2021:3700 vom 2021-09-30 (29.09.2021)
For extra data, see:

Ubuntu Security Notice USN-5095-1 vom 2021-09-29 (29.09.2021)
For extra data, see:

Red Hat Security Advisory RHSA-2021:3656 vom 2021-09-23 (23.09.2021)
For extra data, see:

Red Hat Security Advisory RHSA-2021:3658 vom 2021-09-23 (23.09.2021)
For extra data, see:

Red Hat Security Advisory RHSA-2021:3660 vom 2021-09-23 (23.09.2021)
For extra data, see:

Red Hat Security Advisory RHSA-2021:3516 vom 2021-09-13 (13.09.2021)
For extra data, see:

Red Hat Security Advisory RHSA-2021:3471 vom 2021-09-08 (08.09.2021)
For extra data, see:

Red Hat Security Advisory RHSA-2021:3468 vom 2021-09-08 (08.09.2021)
For extra data, see:

Red Hat Security Advisory RHSA-2021:3466 vom 2021-09-08 (08.09.2021)
For extra data, see:

Red Hat Security Advisory RHSA-2021:3467 vom 2021-09-08 (08.09.2021)
For extra data, see:

Red Hat Security Advisory RHSA-2021:3225 vom 2021-08-20 (19.08.2021)
For extra data, see:

Debian Security Advisory DLA-2741 vom 2021-08-12 (12.08.2021)
For extra data, see:

Hitachi Risk Information HITACHI-SEC-2021-125 vom 2021-07-30 (29.07.2021)
For extra data, see:

Red Hat Security Advisory RHSA-2021:2465 vom 2021-07-07 (06.07.2021)
For extra data, see:

SUSE Security Update SUSE-SU-2021:1315-1 vom 2021-04-26 (26.04.2021)
For extra data, see:

SUSE Security Update SUSE-SU-2021:1282-1 vom 2021-04-20 (20.04.2021)
For extra data, see:

RedHat Bugzilla (12.04.2021)
For extra data, see:

Apache issues (12.04.2021)
For extra data, see:

Version historical past of this safety alert

This is model 14 of this Apache Commons IT Security Notice. This doc will likely be up to date as extra updates are introduced. You can see the adjustments made utilizing the model historical past under.

See also  Promoting the system innovation of data element market construction in many places still needs to make breakthroughs

April 12, 2021 – First model
April 20, 2021 – New updates from SUSE added
April 26, 2021 – New updates from SUSE have been added
July 6, 2021 – New updates from Red Hat have been added
July 29, 2021 – New updates from HITACHI added
08/12/2021 – New updates from Debian added
08/19/2021 – New updates from Red Hat have been added
09/08/2021 – New updates from Red Hat have been added
09/13/2021 – New updates from Red Hat have been added
09/23/2021 – New updates from Red Hat have been added
09/29/2021 – Added new character updates
03/29/2022 – New updates from Red Hat have been added
June 5, 2023 – Added new updates from Amazon
May 16, 2024 – New updates from IBM added

+++ Editorial observe: This doc relies on present BSI knowledge and will likely be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that scorching information, present movies and a direct line to the editorial workforce.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy