CVE-2021-3798 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Affected Products (NVD)

Vendor	Product	Version
opencryptoki_project	opencryptoki	𝑥 < 3.17.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

opencryptoki

bookworm	3.8.1+dfsg-3.2 fixed
bullseye	3.8.1+dfsg-3.2 fixed
sid	3.23.0+dfsg-0.3 fixed
trixie	3.23.0+dfsg-0.3 fixed

Ubuntu Releases

Ubuntu Product

Codename

opencryptoki

bionic	needs-triage
focal	needs-triage
hirsute	ignored
impish	ignored
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	dne
xenial	needs-triage

Red Hat Enterprise Linux Releases

Red Hat Product

Release

opencryptoki

RHEL 8	0:3.15.1-6.el8_4 fixed
RHEL 8.4 AUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 E4S	0:3.15.1-6.el8_4 fixed
RHEL 8.4 EUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 TUS	0:3.15.1-6.el8_4 fixed

opencryptoki-ccatok

RHEL 8	0:3.15.1-6.el8_4 fixed
RHEL 8.4 AUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 E4S	0:3.15.1-6.el8_4 fixed
RHEL 8.4 EUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 TUS	0:3.15.1-6.el8_4 fixed

opencryptoki-devel

RHEL 8	0:3.15.1-6.el8_4 fixed
RHEL 8.4 AUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 E4S	0:3.15.1-6.el8_4 fixed
RHEL 8.4 EUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 TUS	0:3.15.1-6.el8_4 fixed

opencryptoki-ep11tok

RHEL 8	0:3.15.1-6.el8_4 fixed
RHEL 8.4 AUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 E4S	0:3.15.1-6.el8_4 fixed
RHEL 8.4 EUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 TUS	0:3.15.1-6.el8_4 fixed

opencryptoki-icatok

RHEL 8	0:3.15.1-6.el8_4 fixed
RHEL 8.4 AUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 E4S	0:3.15.1-6.el8_4 fixed
RHEL 8.4 EUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 TUS	0:3.15.1-6.el8_4 fixed

opencryptoki-icsftok

RHEL 8	0:3.15.1-6.el8_4 fixed
RHEL 8.4 AUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 E4S	0:3.15.1-6.el8_4 fixed
RHEL 8.4 EUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 TUS	0:3.15.1-6.el8_4 fixed

opencryptoki-libs

RHEL 8	0:3.15.1-6.el8_4 fixed
RHEL 8.4 AUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 E4S	0:3.15.1-6.el8_4 fixed
RHEL 8.4 EUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 TUS	0:3.15.1-6.el8_4 fixed

opencryptoki-swtok

RHEL 8	0:3.15.1-6.el8_4 fixed
RHEL 8.4 AUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 E4S	0:3.15.1-6.el8_4 fixed
RHEL 8.4 EUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 TUS	0:3.15.1-6.el8_4 fixed

opencryptoki-tpmtok

RHEL 8	0:3.15.1-6.el8_4 fixed
RHEL 8.4 AUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 E4S	0:3.15.1-6.el8_4 fixed
RHEL 8.4 EUS	0:3.15.1-6.el8_4 fixed
RHEL 8.4 TUS	0:3.15.1-6.el8_4 fixed

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://access.redhat.com/security/cve/CVE-2021-3798

https://bugzilla.redhat.com/show_bug.cgi?id=1990591

https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0

https://github.com/opencryptoki/opencryptoki/pull/402

https://access.redhat.com/security/cve/CVE-2021-3798

https://bugzilla.redhat.com/show_bug.cgi?id=1990591

https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0

https://github.com/opencryptoki/opencryptoki/pull/402