CVE-2021-26117

{"id": "CVE-2021-26117", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-01-27T19:15:13.720", "references": [{"url": "https://lists.apache.org/thread.html/r110cacfa754471361234965ffe851a046e302ff2693b055f49f47b02%40%3Cissues.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r22cdc0fb45e223ac92bc2ceff7af92f1193dfc614c8b248534456229%40%3Cissues.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r3341d96d8f956e878fb7b463b08d57ca1d58fec9c970aee929b58e0d%40%3Cissues.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r519bfafd67091d0b91243efcb1c49b1eea27321355ba5594f679277d%40%3Cissues.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r5899ece90bcae5805ad6142fdb05c58595cff19cb2e98cc58a91f55b%40%3Cgitbox.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r70389648227317bdadcdecbd9f238571a6047469d156bd72bb0ca2f7%40%3Cgitbox.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/ra255ddfc8b613b80e9fa22ff3e106168b245f38a22316bfb54d21159%40%3Cissues.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/raea451de09baed76950d6a60cc4bb1b74476c505e03205a3c68c9808%40%3Cissues.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rd05b1c9d61dbd220664d559aa0e2b55e5830f006a09e82057f3f7863%40%3Cissues.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rd75600cee29cb248d548edcf6338fe296466d63a69e2ed0afc439ec7%40%3Cissues.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/re1b98da90a5f2e1c2e2d50e31c12e2578d61fe01c0737f9d0bd8de99%40%3Cannounce.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rec93794f8aeddf8a5f1a643d264b4e66b933f06fd72a38f31448f0ac%40%3Cgitbox.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rffa5cd05d01c4c9853b17f3004d80ea6eb8856c422a8545c5f79b1a6%40%3Ccommits.activemq.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html", "source": "security@apache.org"}, {"url": "https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3cCAH+vQmMeUEiKN4wYX9nLBbqmFZFPXqajNvBKmzb2V8QZANcSTA%40mail.gmail.com%3e", "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20210304-0008/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["Not Applicable", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password."}, {"lang": "es", "value": "El m\u00f3dulo de inicio de sesi\u00f3n LDAP de ActiveMQ opcional puede ser configurado para usar el acceso an\u00f3nimo al servidor LDAP. En este caso, para Apache ActiveMQ Artemis anterior a versi\u00f3n 2.16.0 y Apache ActiveMQ anterior a versiones 5.16.1 y 5.15.14, el contexto an\u00f3nimo es usado para verificar una contrase\u00f1a de usuario v\u00e1lida por error, resultando en una comprobaci\u00f3n de la contrase\u00f1a"}], "lastModified": "2023-11-20T22:15:06.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EEB8CE4-89D2-4D1B-BCB7-E236991EBE7C", "versionEndExcluding": "5.15.14", "versionStartIncluding": "5.15.0"}, {"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A64C2811-88CE-4A83-943C-A71EDD536E9D", "versionEndExcluding": "5.16.1", "versionStartIncluding": "5.16.0"}, {"criteria": "cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFC99E51-1E24-4DD8-BC3E-271133CF074C", "versionEndExcluding": "2.16.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0331877D-D5DB-4EE8-8220-C1CDC3F90CB0", "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2", "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A528287-BF09-4E87-8192-81DBFB57A100", "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993"}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}