5
CVSSv2

CVE-2021-22939

Published: 16/08/2021 Updated: 05/01/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

If the Node.js https API in versions prior to 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

nodejs node.js

oracle peoplesoft enterprise peopletools 8.57

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle graalvm 20.3.3

oracle graalvm 21.2.0

oracle mysql cluster

oracle jd edwards enterpriseone tools

netapp nextgen api -

siemens sinec infrastructure network services

debian debian linux 10.0

Vendor Advisories

If the Nodejs https API in versions before 1662, 14175 and 12225 was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted ...

ICS Advisories

Siemens SINEC INS
Critical Infrastructure Sectors: Energy