CVE-2021-30640 vulnerability in Apache and Other Products
Published on July 12, 2021

Auth weakness in JNDIRealm

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2021-30640

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-30640 are published in these products:

Apache Tomcat

Oracle Communications Diameter Signaling Router

Debian Linux

Oracle Communications Pricing Design Center

Oracle Tekelec Platform Distribution

Oracle Communications Cloud Native Core Policy

Oracle Hospitality Cruise Shipboard Property Management System

Canonical Ubuntu Linux

Oracle

Affected Versions

Apache Software Foundation Apache Tomcat:

Version Apache Tomcat 10 10.0.0-M1 to 10.0.5 is affected.
Version Apache Tomcat 9 9.0.0.M1 to 9.0.45 is affected.
Version Apache Tomcat 8.5 8.5.0 to 8.5.65 is affected.
Version Apache Tomcat 7 7.0.0 to 7.0.108 is affected.

Exploit Probability

EPSS

0.12%

Percentile

31.51%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-30640 vulnerability in Apache and Other ProductsPublished on July 12, 2021

Products Associated with CVE-2021-30640

Affected Versions

Exploit Probability

CVE-2021-30640 vulnerability in Apache and Other Products
Published on July 12, 2021