{
"index": "vulnerabilities",
"id_type": "cve",
"id": "CVE-2021-4034",
"request_time": 1668561961,
"results_count": 1,
"results": [
{
"cve": {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4034",
"ASSIGNER": "secalert@redhat.com",
"ALIAS": "PwnKit",
"STATUS": "Confirmed"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787",
"name": "Out-of-bounds Write",
"url": "https://cwe.mitre.org/data/definitions/787.html"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html",
"name": "Polkit pkexec Local Privilege Escalation",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-03-03"
},
{
"url": "https://github.com/fdellwing/CVE-2021-4034",
"name": "fdellwing/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/chenaotian/CVE-2021-4034",
"name": "chenaotian/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/navisec/CVE-2021-4034-PwnKit",
"name": "navisec/CVE-2021-4034-PwnKit exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-30"
},
{
"url": "https://github.com/v-rzh/CVE-2021-4034",
"name": "v-rzh/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-29"
},
{
"url": "https://github.com/Pixailz/CVE-2021-4034",
"name": "Pixailz/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-10-10"
},
{
"url": "https://github.com/zhzyker/CVE-2021-4034",
"name": "zhzyker/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://gitlab.com/RekGRpth/CVE-2021-4034",
"name": "RekGRpth/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-03-03"
},
{
"url": "https://github.com/rapid7/metasploit-framework",
"name": "Local Privilege Escalation in polkits pkexec",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/linux_pkexec_argc",
"name": "linux_pkexec_argc",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-05-01"
},
{
"url": "https://github.com/ck00004/CVE-2021-4034",
"name": "ck00004/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-02-15"
},
{
"url": "https://github.com/robemmerson/CVE-2021-4034",
"name": "robemmerson/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/joeammond/CVE-2021-4034",
"name": "joeammond/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/ayypril/CVE-2021-4034",
"name": "ayypril/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/clubby789/CVE-2021-4034",
"name": "clubby789/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/HrishitJoshi/CVE-2021-4034",
"name": "HrishitJoshi/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-02-02"
},
{
"url": "https://packetstormsecurity.com/files/165729/Polkit-pkexec-CVE-2021-4034-Local-Root.html",
"name": "Polkit pkexec CVE-2021-4034 Local Root",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://packetstormsecurity.com/files/165727/Polkit-pkexec-CVE-2021-4034-Local-Root.html",
"name": "Polkit pkexec CVE-2021-4034 Local Root",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/dadvlingd/-CVE-2021-4034",
"name": "dadvlingd/-CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/signfind/CVE-2021-4034",
"name": "signfind/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "0001-01-01"
},
{
"url": "https://github.com/dzonerzy/poc-cve-2021-4034",
"name": "dzonerzy/poc-cve-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/arthepsy/CVE-2021-4034",
"name": "arthepsy/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/ly4k/PwnKit",
"name": "ly4k/PwnKit exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/Ankit-Ojha16/CVE-2021-4034",
"name": "Ankit-Ojha16/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-02-02"
},
{
"url": "https://github.com/mtthwstffrd/berdav-CVE-2021-4034",
"name": "mtthwstffrd/berdav-CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-03-23"
},
{
"url": "https://packetstormsecurity.com/files/165739/PolicyKit-1-0.105-31-Privilege-Escalation.html",
"name": "PolicyKit-1 0.105-31 Privilege Escalation",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-27"
},
{
"url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"name": "Red Hat Polkit Out-of-Bounds Read and Write Vulnerability",
"refsource": "CISA-KNOWN-EXPLOITED-VULNERABILITIES",
"tags": [
"US Government Resource",
"Third Party Advisory"
],
"date_added": "2022-06-27"
},
{
"url": "https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html",
"name": "Alchimist: A new attack framework in Chinese for Mac, Linux and Windows",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-10-13"
},
{
"url": "https://github.com/phvilasboas/CVE-2021-4034",
"name": "phvilasboas/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/Ayrx/CVE-2021-4034",
"name": "Ayrx/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/berdav/CVE-2021-4034",
"name": "berdav/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-25"
},
{
"url": "https://github.com/An00bRektn/CVE-2021-4034",
"name": "An00bRektn/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/EstamelGG/CVE-2021-4034-NoGCC",
"name": "EstamelGG/CVE-2021-4034-NoGCC exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-28"
},
{
"url": "https://github.com/Al1ex/CVE-2021-4034",
"name": "Al1ex/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-27"
},
{
"url": "https://gitlab.com/Tramadol/cve-2021-4034",
"name": "Tramadol/cve-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/x04000/CVE-2021-4034",
"name": "x04000/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-02-13"
},
{
"url": "https://packetstormsecurity.com/files/165728/Polkit-pkexec-CVE-2021-4034-Proof-Of-Concept.html",
"name": "Polkit pkexec CVE-2021-4034 Proof Of Concept",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://my.saintcorporation.com/cgi-bin/exploit_info/polkit_pkexec_priv_elev",
"name": "Polkit pkexec privilege elevation",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-27"
},
{
"url": "https://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html",
"name": "Polkit pkexec Privilege Escalation",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-03-04"
},
{
"url": "https://github.com/Rvn0xsy/CVE-2021-4034",
"name": "Rvn0xsy/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-28"
},
{
"url": "https://github.com/CYB3RK1D/CVE-2021-4034-POC",
"name": "CYB3RK1D/CVE-2021-4034-POC exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-28"
},
{
"url": "https://github.com/OxWeb4/CVE-2021-4034-",
"name": "OxWeb4/CVE-2021-4034- exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-29"
},
{
"url": "https://github.com/nikaiw/CVE-2021-4034",
"name": "nikaiw/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/n3onhacks/CVE-2021-4034",
"name": "n3onhacks/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-28"
},
{
"url": "https://github.com/luijait/PwnKit-Exploit",
"name": "luijait/PwnKit-Exploit exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/san3ncrypt3d/CVE-2021-4034-POC",
"name": "san3ncrypt3d/CVE-2021-4034-POC exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/ryaagard/CVE-2021-4034",
"name": "ryaagard/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-25"
},
{
"url": "https://github.com/artemis-mike/cve-2021-4034",
"name": "artemis-mike/cve-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/Hifumi1337/CVE-2021-4034",
"name": "Hifumi1337/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-03-16"
},
{
"url": "https://github.com/PwnFunction/CVE-2021-4034",
"name": "PwnFunction/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-27"
},
{
"url": "https://www.gehealthcare.com/en-US/security",
"status": "active",
"lang": "en",
"name": "PwnKit – Critical Polkit Vulnerability in Linux Distributions (CVE-2021-4034)",
"refsource": "GE-HEALTHCARE",
"tags": [
"IoMT",
"Vendor Advisory"
],
"date_added": "2022-02-04"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/ICSA-22-167-16",
"status": "active",
"lang": "en",
"name": "Siemens SCALANCE LPE 4903 and SINUMERIK Edge",
"external_id": "ICSA-22-167-16",
"refsource": "ICS-CERT",
"tags": [
"ICS/OT"
],
"date_added": "2022-06-16"
},
{
"url": "https://ubuntu.com/security/CVE-2021-4034",
"status": "active",
"lang": "en",
"name": "Ubuntu security advisory for CVE-2021-4034",
"external_id": "USN-5252-1",
"refsource": "UBUNTU-CVE-TRACKER",
"tags": [
"Vendor Advisory"
],
"date_added": "2022-01-28"
},
{
"url": "https://ubuntu.com/security/CVE-2021-4034",
"status": "active",
"lang": "en",
"name": "Ubuntu security advisory for CVE-2021-4034",
"external_id": "USN-5252-2",
"refsource": "UBUNTU-CVE-TRACKER",
"tags": [
"Vendor Advisory"
],
"date_added": "2022-01-28"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-16",
"status": "active",
"lang": "en",
"name": "Siemens SCALANCE LPE 4903 and SINUMERIK Edge",
"external_id": "icsa-22-167-16",
"refsource": "ICS-CERT",
"tags": [
"ICS/OT"
],
"date_added": "2022-06-16"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf",
"status": "active",
"lang": "en",
"name": "PwnKit Vulnerability in SCALANCE LPE9403 and SINUMERIK Edge Products (CVE-2021-4034)",
"external_id": "SSA-330556",
"refsource": "SIEMENS",
"tags": [
"ICS/OT",
"Vendor Advisory"
],
"date_added": "2022-06-14"
},
{
"url": "https://www.debian.org/security/2022/dsa-5059",
"status": "active",
"lang": "en",
"name": "DSA-5059-1 policykit-1 -- security update",
"external_id": "DSA-5059",
"refsource": "DEBIAN-DSA",
"tags": [
"Vendor Advisory"
],
"date_added": "2022-01-25"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001254&LanguageCode=en&DocumentPartId=&Action=Launch",
"status": "active",
"lang": "en",
"name": "",
"refsource": "ABB",
"tags": [
"ICS/OT",
"Vendor Advisory"
],
"date_added": "2022-04-11"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001254&LanguageCode=en&DocumentPartId=&Action=Launch",
"status": "active",
"lang": "en",
"name": "",
"refsource": "ABB",
"tags": [
"ICS/OT",
"Vendor Advisory"
],
"date_added": "2022-04-11"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001254&LanguageCode=en&Action=Launch",
"status": "active",
"lang": "en",
"name": "",
"refsource": "ABB",
"tags": [
"ICS/OT",
"Vendor Advisory"
],
"date_added": "2022-04-11"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/ICSA-22-270-02",
"status": "active",
"lang": "en",
"name": "Hitachi Energy APM Edge",
"external_id": "ICSA-22-270-02",
"refsource": "ICS-CERT",
"tags": [
"ICS/OT"
],
"date_added": "2022-09-27"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001254&LanguageCode=en&Action=Launch",
"status": "active",
"lang": "en",
"name": "",
"refsource": "ABB",
"tags": [
"ICS/OT",
"Vendor Advisory"
],
"date_added": "2022-04-11"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001254&LanguageCode=en&Action=Launch&_ga=2.56758504.353589356.1650867075-372504397.1647012599",
"status": "active",
"lang": "en",
"name": "",
"refsource": "ABB",
"tags": [
"ICS/OT",
"Vendor Advisory"
],
"date_added": "2022-04-11"
},
{
"url": "https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/",
"name": "CVE-2021-4034 exploited by DriftingCloud threat actor",
"refsource": "MISC",
"tags": []
},
{
"url": "https://www.trendmicro.com/en_us/research/22/e/patch-your-wso2-cve-2022-29464-exploited-to-install-linux-compatible-cobalt-strike-beacons-other-malware.html",
"name": "CVE-2021-4034 associated with Hezb botnet",
"refsource": "MISC",
"tags": []
},
{
"url": "https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/",
"name": "CVE-2021-4034 associated with Hezb botnet",
"refsource": "MISC",
"tags": []
},
{
"url": "https://www.akamai.com/blog/security/atlassian-confluence-vulnerability-observations",
"name": "CVE-2021-4034 associated with Hezb botnet",
"refsource": "MISC",
"tags": []
},
{
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"name": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"refsource": "MISC",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001",
"name": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001",
"refsource": "MISC",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683",
"name": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.suse.com/support/kb/doc/?id=000020564",
"name": "https://www.suse.com/support/kb/doc/?id=000020564",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/",
"name": "https://www.starwindsoftware.com/security/sw-20220818-0001/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
]
}
]
},
"categorization": {
"tags": [
"ICS/OT",
"IoMT",
"Operating System",
"IoT"
]
},
"description": {
"description_data": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
}
]
}
},
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"cpe_name": []
}
]
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
"cpe_name": []
}
]
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
"cpe_name": []
}
]
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*",
"cpe_name": []
}
]
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"cpe_name": []
}
]
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.0",
"cpe_name": []
}
]
},
{
"operator": "AND",
"children": [
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"cpe_name": []
}
]
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": false,
"cpe23Uri": "cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*",
"cpe_name": []
}
]
}
],
"cpe_match": []
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*",
"cpe_name": []
}
]
}
]
},
"vulnerable_cpes": [
"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:-:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.100:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.101:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.102:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.103:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.104:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.105:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.106:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.107:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.108:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.109:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.110:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.111:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.112.1:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.112:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.113:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.114:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.115:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.116:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.117:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.118:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.119:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.120:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.91:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.92:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.93:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.94:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.95:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.96:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.97:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.98:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.99:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:sinumerik_edge:3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*",
"cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:*:*:*:*:*:*:*",
"cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*",
"cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*",
"cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:-:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:coreos:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*",
"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x64:*",
"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*",
"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:x64:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:x64:*",
"cpe:2.3:o:siemens:scalance_lpe9403_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*",
"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*",
"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*",
"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:business_critical_linux:-:*:*",
"cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*"
],
"impact": {
"baseMetricV3": {
"cvssV3": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
"baseMetricV2": {
"cvssV2": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2
},
"severity": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 10,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
},
"temporalMetricV3": {
"cvssV3": {
"version": "3.1",
"vectorString": "E:H/RL:X/RC:C",
"exploitCodeMaturity": "HIGH",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "CONFIRMED",
"temporalScore": 7.8
}
},
"temporalMetricV2": {
"cvssV2": {
"version": "2.0",
"vectorString": "E:H/RL:ND/RC:C",
"exploitability": "HIGH",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "CONFIRMED",
"temporalScore": 7.2
}
},
"epss": {
"epss_score": 0.04106,
"epss_percentile": 0.85572
}
},
"related_attack_patterns": [
{
"lang": "en",
"capec_id": "CAPEC-100",
"capec_name": "Overflow Buffers",
"capec_url": "https://capec.mitre.org/data/definitions/100.html"
}
],
"publishedDate": "2022-01-28T20:15Z",
"lastModifiedDate": "2022-10-25T16:59Z",
"documentGenerationDate": "2022-11-15T15:26Z"
}
]
}