icon

We found results for “

CVE-2021-30640

Good to know:

icon
icon

Date: July 12, 2021

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.

Language: Java

Severity Score

Severity Score

Weakness Type (CWE)

Authentication Issues

CWE-287

Top Fix

icon

Upgrade Version

Upgrade to version org.apache.tomcat:tomcat-catalina:7.0.109, 8.5.66, 9.0.46, 10.0.6

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privilegs Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us