CVE-2021-41041
PUBLISHED
A vulnerability exists in IBM Java. In Eclipse OpenJ9, exceptions caught during bytecode verification are not properly thrown. A remote anonymous attacker can exploit this vulnerability by sending a specially crafted request to invoke unverified methods using MethodHandles, thereby bypassing security measures.
Risk Scores
EPSS Score: 0.08% (23.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | IBM AIX 7.2 | |
| IBM | IBM Rational Directory Server (RDS) 5.2.1 | |
| IBM | IBM AIX 7.3 | |
| IBM | IBM AIX 7.1 | |
| IBM | IBM QRadar SIEM 7.5 | |
| IBM | IBM Security Guardium | |
| IBM | IBM QRadar SIEM 7.4 | |
| IBM | IBM Tivoli Monitoring | |
| IBM | IBM VIOS 3.1 | |
| IBM | IBM TXSeries 9.1 | |
| IBM | IBM TXSeries 8.2 | |
Timeline
- Apr 27, 2022 EPSS Score
- Apr 27, 2022 CVE Published
- Apr 27, 2022 PoC Published
- Jun 16, 2022 EPSS Score
- Aug 5, 2022 EPSS Score
- Sep 24, 2022 EPSS Score
- Nov 13, 2022 EPSS Score
- Dec 22, 2022 CVE Updated
- Jan 1, 2023 EPSS Score
- Feb 20, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 11, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1435.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1435 advisory
- https://aix.software.ibm.com/aix/efixes/security/java_dec2022_advisory.asc advisory
- https://www.ibm.com/support/pages/node/6848847 advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-security-bypass-vulnerability-in-ibm-java-sdk-affects-ibm-security-guardium-cve-2021-41041/ advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-july-2022/ advisory
- https://www.ibm.com/support/pages/node/6620263 advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-included-with-ibm-tivoli-monitoring-4/ advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-ibm-qradar-siem-2/ advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-txseries-for-multiplatforms-is-vulnerable-to-allowing-a-remote-attacker-to-bypass-security-restrictions-cve-2021-41041/ advisory