CVE-2021-42694
PUBLISHED
CVSS 8.7 HIGH
Multiple vulnerabilities exist in various implementations of Unicode standards. Development environments, for example, are affected because they have special requirements for rendering text. An attacker can exploit this by creating a malicious patch with well-placed BiDi characters or homoglyphs and thereby deceive a human reviewer. As a result, the executed code differs from the displayed code. Successful exploitation requires a user action (e.g. compiling manipulated source code).
EPSS 8.24% · 92.4th percentile
Risk Scores
CVSS v4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
8.24%
92.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xerox | Xerox FreeFlow Print Server 7 | |
| Atlassian | Atlassian Confluence < 7.4.13 | |
| Amazon | Amazon Linux 2 | |
| Atlassian | Atlassian Bitbucket < 6.10.14 | |
| Atlassian | Atlassian Fisheye < 4.8.8 | |
| Avaya | Avaya Aura Application Enablement Services | |
| Red Hat | Red Hat Enterprise Linux | |
| Avaya | Avaya Aura System Manager | |
| Xerox | Xerox FreeFlow Print Server v2 | |
| Atlassian | Atlassian Bitbucket < 7.17.1 | |
| Open Source | Open Source CentOS | |
| Avaya | Avaya Web License Manager | |
| Xerox | Xerox FreeFlow Print Server 9 | |
| Gentoo | Gentoo Linux | |
| Atlassian | Atlassian Jira Software < 8.20.1 | |
| Atlassian | Atlassian Bamboo < 8.0.4 | |
| Atlassian | Atlassian Crucible < 4.8.8 | |
| Avaya | Avaya Aura Session Manager | |
| Oracle | Oracle Linux | |
| Atlassian | Atlassian Bitbucket < 7.6.10 | |
…and 4 more
Timeline
- Oct 31, 2021 CVE Published
- Nov 1, 2021 EPSS Score
- Nov 3, 2021 EPSS Score
- Nov 10, 2021 EPSS Score
- Nov 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Dec 11, 2022 CVE Updated
- Mar 7, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-1198.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1198 advisory
- https://alas.aws.amazon.com/AL2022/ALAS-2022-222.html advisory
- https://downloads.avaya.com/css/P8/documents/101078450 advisory
- https://access.redhat.com/errata/RHSA-2021:4034 advisory
- https://access.redhat.com/errata/RHSA-2021:4035 advisory
- https://access.redhat.com/errata/RHSA-2021:4036 advisory
- https://access.redhat.com/errata/RHSA-2021:4037 advisory
- https://access.redhat.com/errata/RHSA-2021:4038 advisory
- https://access.redhat.com/errata/RHSA-2021:4039 advisory
- https://linux.oracle.com/errata/ELSA-2021-4033.html advisory
- https://trojansource.codes/ advisory
- https://access.redhat.com/errata/RHSA-2021:4600 advisory
- https://access.redhat.com/errata/RHSA-2021:4586 advisory
- https://access.redhat.com/errata/RHSA-2021:4587 advisory
- https://access.redhat.com/errata/RHSA-2021:4588 advisory
- https://access.redhat.com/errata/RHSA-2021:4589 advisory
- https://access.redhat.com/errata/RHSA-2021:4590 advisory
- https://access.redhat.com/errata/RHSA-2021:4591 advisory
- https://access.redhat.com/errata/RHSA-2021:4585 advisory
…and 51 more