CyberSec.Space Logo
Back to CVE Browser

CVE-2021-41033

HIGH
8.1
CVSS Severity Score
EPSS Score0.1420%
EPSS Percentile42.80th
PublishedSep 13, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.

Affected Platforms (CPE)

📦
Eclipse

Equinox

< 4.21
📦
Eclipse

Equinox

= 4.21

References & Advisories

🔗 https://bugs.eclipse.org/bugs/show_bug.cgi?id=575688
🔗 https://bugs.eclipse.org/bugs/show_bug.cgi?id=575688

Related Vulnerabilities

CVE-2019-182349.8

Equinox Control Expert all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arb...

CVE-2017-76499.8

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firew...

CVE-2020-70378.1

An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated,...

CVE-2019-70077.5

A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Successful...