CVE-2021-29842 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-29842 PUBLISHED CVSS 3.700000047683716 LOW

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

EPSS 0.37% · 58.6th percentile

Risk Scores

CVSS v3.0

3.700000047683716

CVSS:3.0/AC:H/C:L/A:N/S:U/UI:N/PR:N/AV:N/I:N/RL:O/E:U/RC:C

EPSS Score

0.37%

58.6th percentile

Affected Products

Vendor	Product	Versions
IBM	WebSphere Application Server	7.0, 8.0, 8.5
IBM	WebSphere Application Server Liberty	21.0.0.9, 17.0.0.3
ibm	websphere_application_server	7.0.0.0, 8.0.0.0, 8.5

Timeline

Sep 16, 2021 CVE Published
Sep 17, 2021 EPSS Score
Sep 28, 2021 EPSS Score
Oct 5, 2021 EPSS Score
Nov 13, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 9, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 2, 2022 EPSS Score
Jun 28, 2022 EPSS Score
Aug 25, 2022 EPSS Score

References

Open in Interactive Console →