CVE-2021-35515

CVE information

Published: 2 years ago
Last Modified: 5 months ago
CVSSv2.0 Severity: Medium
CVSSv3.1 Severity: High

Impact Analysis

Description

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

CVSSv2.0 Score

Severity: Medium
Base Score: 5/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: Partial
Integrity Impact: None

CVSSv3.1 Score

Severity: High
Base Score: 7.5/10
Exploit Score: 3.9/10
Access Vector: Network
Access Complexity: Low
Privileges Required: None
Impact Score: 3.6/10
Confidentiality Impact: None
Availability Impact: High
Integrity Impact: None
Scope: Unchanged
User Interaction: None

Products Affected

CPE Affected Vulnerable Excluding
cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*
  Yes
1.6 -
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_
  Yes
- -
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*
  Yes
- -
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows
  Yes
- -
cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.
  Yes
- -
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:
  Yes
- -
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
  Yes
17.7 -
cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*
  Yes
14.0.0 -
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:
  Yes
- -
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.
  Yes
- -
cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:
  Yes
- -
cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:
  Yes
- -
cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:
  Yes
- -
cpe:2.3:a:oracle:financial_services_enterprise_case_manageme
  Yes
- -
cpe:2.3:a:oracle:financial_services_enterprise_case_manageme
  Yes
- -
cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:
  Yes
8.0.0 -
cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*
  Yes
- -
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*
  Yes
- -
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*
  Yes
- -
cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:communications_cloud_native_core_unified_da
  Yes
- -
cpe:2.3:a:oracle:communications_cloud_native_core_service_co
  Yes
- -
cpe:2.3:a:oracle:communications_cloud_native_core_automated_
  Yes
- -
cpe:2.3:a:oracle:communications_billing_and_revenue_manageme
  Yes
- -
cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:
  Yes
- -
cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:
  Yes
- -
cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0
  Yes
- -
cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
  Yes
18.1 -
cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:
  Yes
- -
cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:flexcube_universal_banking:14.5.0:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:
  Yes
8.0.0 -
cpe:2.3:a:oracle:financial_services_crime_and_compliance_man
  Yes
- -
cpe:2.3:a:oracle:financial_services_crime_and_compliance_man
  Yes
- -
