How severe is CVE-2021-32700?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2021-32700?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2021-32700

HIGH Year: 2021

CVSS v3 Score

7.4

High

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-306

View all →

Vulnerability Description

Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC thus allowing to inject malicious code into ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4.

CVE-2017-6873

HIGH

CVSS:7.4(High)

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle ...

CWE-3062017

CVE-2019-5152

HIGH

CVSS:7.4(High)

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network p...

CWE-3062019

CVE-2020-4670

HIGH

CVSS:7.4(High)

IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attac...

CWE-3062020

CVE-2020-4958

HIGH

CVSS:7.4(High)

IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM ...

CWE-3062020

CVE-2023-35874

HIGH

CVSS:7.4(High)

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.8...

CWE-3062023

CVE-2023-5935

HIGH

CVSS:7.4(High)

When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attac...

CWE-3062023

CVE-2021-32700

Vulnerability Description

Related Vulnerabilities

CVE-2017-6873

CVE-2019-5152

CVE-2020-4670

CVE-2020-4958

CVE-2023-35874

CVE-2023-5935