CVE-2021-22946

{"id": "CVE-2021-22946", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-09-29T20:15:08.187", "references": [{"url": "http://seclists.org/fulldisclosure/2022/Mar/29", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/1334111", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://security.gentoo.org/glsa/202212-01", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://security.netapp.com/advisory/ntap-20211029-0003/", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://security.netapp.com/advisory/ntap-20220121-0008/", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://support.apple.com/kb/HT213183", "tags": ["Release Notes", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.debian.org/security/2022/dsa-5197", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-325"}]}], "descriptions": [{"lang": "en", "value": "A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network."}, {"lang": "es", "value": "Un usuario puede decirle a curl versiones posteriores a 7.20.0 incluy\u00e9ndola , y versiones anteriores a 7.78.0 incluy\u00e9ndola, que requiera una actualizaci\u00f3n con \u00e9xito a TLS cuando hable con un servidor IMAP, POP3 o FTP (\"--ssl-reqd\" en la l\u00ednea de comandos o \"CURLOPT_USE_SSL\" configurado como \"CURLUSESSL_CONTROL\" o \"CURLUSESSL_ALL\" conlibcurl). Este requisito podr\u00eda ser omitido si el servidor devolviera una respuesta correctamente dise\u00f1ada pero perfectamente leg\u00edtima. Este fallo har\u00eda que curl continuara silenciosamente sus operaciones **withoutTLS** en contra de las instrucciones y expectativas, exponiendo posiblemente datos confidenciales en texto sin cifrar a trav\u00e9s de la red"}], "lastModified": "2024-03-27T15:12:52.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CACB6A8-0CF6-4283-BB33-FE3B0026A23E", "versionEndExcluding": "7.79.0", "versionStartIncluding": "7.20.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163"}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10323322-F6C0-4EA7-9344-736F7A80AA5F"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF616620-88CE-4A77-B904-C1728A2E6F9B"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "175B97A7-0B00-4378-AD9F-C01B6D9FD570"}, {"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E667933A-37EA-4BC2-9180-C3B4B7038866", "versionEndIncluding": "5.7.35", "versionStartIncluding": "5.7.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "709E83B4-8C66-4255-870B-2F72B37BA8C6", "versionEndIncluding": "8.0.26", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9060C1B6-F101-46AE-8B08-6D6951304916", "versionEndExcluding": "12.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253", "versionEndExcluding": "1.0.1.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C2BC68D-C8B2-4C8B-9426-21F00CBDD873"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B61A7946-F554-44A9-9E41-86114E4B4914"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}