CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-41532

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.7%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

http://www.openwall.com/lists/oss-security/2021/11/19/8
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E
http://www.openwall.com/lists/oss-security/2021/11/19/8
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E

Products affected by CVE-2021-41532

Apache » Ozone » Version: N/A

cpe:2.3:a:apache:ozone:-
Apache » Ozone » Version: 0.4.2

cpe:2.3:a:apache:ozone:0.4.2
Apache » Ozone » Version: 0.5.0

cpe:2.3:a:apache:ozone:0.5.0
Apache » Ozone » Version: 1.0.0

cpe:2.3:a:apache:ozone:1.0.0
Apache » Ozone » Version: 1.1.0

cpe:2.3:a:apache:ozone:1.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41532

Products

Pricing

Contact Us