CVE-2021-30129 — MEDIUM (6.5)

Q: How severe is CVE-2021-30129?

CVE-2021-30129 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-30129?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Sshd, Oracle Banking Payments, Oracle Banking Trade Finance, Oracle Banking Treasury Management, Oracle Communications Cloud Native Core Console.

Vulnerability Description

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Sshd	>= 2.0.0, < 2.7.0
Oracle	Banking Payments	14.5
Oracle	Banking Trade Finance	14.5
Oracle	Banking Treasury Management	14.5
Oracle	Communications Cloud Native Core Console	1.9.0
Oracle	Flexcube Universal Banking	>= 14.0.0, <= 14.3.0
Oracle	Middleware Common Libraries And Tools	12.2.1.3.0
Oracle	Oss Support Tools	2.12.42
Oracle	Retail Customer Management And Segmentation Foundation	18.0

Related Weaknesses (CWE)

CWE-772

References

http://www.openwall.com/lists/oss-security/2021/07/12/1Mailing ListThird Party Advisory
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecdMailing ListVendor Advisory
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecdMailing ListVendor Advisory
https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
http://www.openwall.com/lists/oss-security/2021/07/12/1Mailing ListThird Party Advisory
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecdMailing ListVendor Advisory
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecdMailing ListVendor Advisory
https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html

FAQ

What is CVE-2021-30129?

CVE-2021-30129 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD ve...

How severe is CVE-2021-30129?

CVE-2021-30129 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-30129?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Sshd, Oracle Banking Payments, Oracle Banking Trade Finance, Oracle Banking Treasury Management, Oracle Communications Cloud Native Core Console.