VYPR
Moderate severityNVD Advisory· Published Jul 12, 2021· Updated Aug 3, 2024

Auth weakness in JNDIRealm

CVE-2021-30640

Description

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcatMaven
>= 10.0.0-M1, < 10.0.510.0.5
org.apache.tomcat:tomcatMaven
>= 9.0.0M1, < 9.0.459.0.45
org.apache.tomcat:tomcatMaven
>= 8.5.0, < 8.5.658.5.65

Affected products

33

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.