If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | Patch Third Party Advisory |
https://hackerone.com/reports/1278254 | Exploit Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html | Issue Tracking Third Party Advisory |
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/ | Patch Vendor Advisory |
https://security.gentoo.org/glsa/202401-02 | |
https://security.netapp.com/advisory/ntap-20210917-0003/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2021.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
05 Jan 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2022, 18:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html - Issue Tracking, Third Party Advisory | |
First Time |
Debian debian Linux
Debian Oracle jd Edwards Enterpriseone Tools |
06 Oct 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Apr 2022, 14:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* | |
First Time |
Siemens sinec Infrastructure Network Services
Siemens |
|
References | (MISC) https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/ - Patch, Vendor Advisory | |
References | (MISC) https://hackerone.com/reports/1278254 - Exploit, Issue Tracking, Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - Patch, Third Party Advisory |
10 Mar 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Mar 2022, 18:44
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* |
|
First Time |
Oracle peoplesoft Enterprise Peopletools
|
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Dec 2021, 19:51
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:* cpe:2.3:a:netapp:nextgen_api:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210917-0003/ - Third Party Advisory |
20 Oct 2021, 11:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Sep 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Aug 2021, 17:09
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://hackerone.com/reports/1278254 - Permissions Required, Third Party Advisory | |
References | (MISC) https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/ - Vendor Advisory | |
CPE | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CWE | CWE-295 |
16 Aug 2021, 19:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-16 19:15
Updated : 2024-01-05 10:15
NVD link : CVE-2021-22939
Mitre link : CVE-2021-22939
CVE.ORG link : CVE-2021-22939
JSON object : View
Products Affected
debian
- debian_linux
oracle
- graalvm
- mysql_cluster
- jd_edwards_enterpriseone_tools
- peoplesoft_enterprise_peopletools
netapp
- nextgen_api
nodejs
- node.js
siemens
- sinec_infrastructure_network_services
CWE
CWE-295
Improper Certificate Validation