Home > 정보마당 > 공개SW 보안취약점

공개SW 보안취약점

컴포넌트 명 : Apache Tomcat
컴포넌트에 대한 취약점 정보
버전 정보 취약점 ID 취약점 최종 보고일 심각도
5.5.28-deployer CVE-2020-8022 2021/03/17 7.2 (High)
취약점 ID : CVE-2020-8022
취약점 상세정보
취약점 설명 A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

다수 버전의 Tomcat 패키지의 잘못된 기본 권한 취약성 존재
대응 방안 (8 버전) 29.32.1 이상 버전으로 업데이트
(9 버전) 3.57.3 이상 버전으로 업데이트
기타 -

-

공개SW 보안취약점 게시물 리스트 표
번호 컴포넌트 명 및 버전 취약점ID 심각도 취약점
최종 보고일
대응방안
162 swiper 5.3.8 CVE-2021-23370 7.5 (High) 2021/04/19 대응방안보기
161 Apache Hadoop 2.6.0 CVE-2017-3162 7.5 (High) 2021/07/03 대응방안보기
160 Apache Velocity Engine 1.5 CVE-2020-13936 9.0 (Critical) 2021/09/23 대응방안보기
159 Apache Commons Beanutils 1.8.3 CVE-2019-10086 7.5 (High) 2021/10/20 대응방안보기
158 TensorFlow 2.4.1 CVE-2021-37678 4.6 (Medium) 2021/08/19 대응방안보기
157 libmicrohttpd 0.9.23 CVE-2021-3466 10.0 (Critical) 2021/05/04 대응방안보기
156 Libevent 2.0.17 CVE-2014-6272 7.5 (High) 2017/12/08 대응방안보기
155 SQlite 3.25.0 CVE-2020-11656 7.5 (High) 2021/07/22 대응방안보기
154 Bouncy Castle 1.46 CVE-2018-5382 7.5 (High) 2021/04/21 대응방안보기
153 Apache Tomcat 5.5.28-deployer CVE-2020-8022 7.2 (High) 2021/03/17 대응방안보기
맨 위로
맨 위로