CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-41033

HIGH
8.1
CVSS Severity Score
EPSS Score0.1420%
EPSS Percentile42.80th
Published2021年9月13日
Last Modified2024年11月21日

Vulnerability Description

In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.

Affected Platforms (CPE)

📦
Eclipse

Equinox

< 4.21
📦
Eclipse

Equinox

= 4.21

References & Advisories

🔗 https://bugs.eclipse.org/bugs/show_bug.cgi?id=575688
🔗 https://bugs.eclipse.org/bugs/show_bug.cgi?id=575688

関連する脆弱性情報

CVE-2019-182349.8

Equinox Control Expert all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arb...

CVE-2017-76499.8

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firew...

CVE-2020-70378.1

An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated,...

CVE-2019-70077.5

A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Successful...