CVE-2021-39031

CWE-743 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 51.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server IBM Websphere Application Server Liberty

Timeline

PublishedJan 25

Latest updateJan 26

Description

IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/websphere_application_server_liberty17.0.0.3, 22.0.0.1+1

▶NVDibm/websphere_application_server17.0.0.3 — 22.0.0.1

🔴Vulnerability Details

GHSA

GHSA-m759-xq9x-mcpr: IBM WebSphere Application Server - Liberty 17↗2022-01-26

▶

CVEList

CVE-2021-39031: IBM WebSphere Application Server - Liberty 17↗2022-01-25

▶