Unknown
CVE-2021-25329
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2021-25329
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
- apache,
- debian,
- oracle
Products
- agile plm 9.3.3,
- agile plm 9.3.6,
- communications cloud native core policy 1.14.0,
- communications cloud native core security edge protection proxy 1.6.0,
- communications instant messaging server 10.0.1.5.0,
- database 12.2.0.1,
- database 19c,
- database 21c,
- debian linux 10.0,
- debian linux 9.0,
- graph server and client,
- instantis enterprisetrack 17.1,
- instantis enterprisetrack 17.2,
- instantis enterprisetrack 17.3,
- managed file transfer 12.2.1.3.0,
- managed file transfer 12.2.1.4.0,
- mysql enterprise monitor,
- siebel ui framework,
- siebel ui framework 21.9,
- tomcat,
- tomcat 10.0.0,
- tomcat 9.0.0
References
Advisory
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: