CHK NVD : CVE-2021-3449 - efb1db25

[witchcraze]

Update Suggestion - CVE-2021-3449 - Cvss2 : 4.3 Update Suggestion - CVE-2021-3449 - Cvss3 : 5.9

https://github.com/witchcraze/NVD_CHECK/blob/main/Nodejs/CVE-2021-3449.json

- CVE-2021-3449
- Suggested Configration
  - OR
     *cpe:2.3:cpe:/a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 10.0.0 up to (excluding) 10.24.1
     *cpe:2.3:cpe:/a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 12.0.0 up to (excluding) 12.22.1
     *cpe:2.3:cpe:/a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 14.0.0 up to (excluding) 14.16.1
     *cpe:2.3:cpe:/a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 15.0.0 up to (excluding) 15.14.0
     *cpe:2.3:cpe:/a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 14.0.0 up to (excluding) 14.16.1,
- Reference
  - https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V10.md
  - https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V12.md
  - https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V14.md
  - https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V15.md
  - https://github.com/nodejs/security-wg/blob/main/vuln/core/77.json
- I Checked
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2021-3449	URI	Start(Ex)	Start(Inc)	End(Ex)	End(Inc)
cpe:/o:sonicwall:sonicos:7.0.1.0
cpe:/o:sonicwall:sma100_firmware	10.2.0.0	10.2.1.0-17sv
cpe:/o:siemens:tim_1531_irc_firmware	2.0	2.2
cpe:/o:siemens:sinamics_connect_300_firmware
cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware
cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware
cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware
cpe:/o:siemens:simatic_s7-1200_cpu_1215_fc_firmware
cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware
cpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware
cpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware
cpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware
cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware
cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware
cpe:/o:siemens:simatic_rf360r_firmware
cpe:/o:siemens:simatic_rf188ci_firmware
cpe:/o:siemens:simatic_rf188c_firmware
cpe:/o:siemens:simatic_rf186ci_firmware
cpe:/o:siemens:simatic_rf186c_firmware
cpe:/o:siemens:simatic_rf185c_firmware
cpe:/o:siemens:simatic_rf166c_firmware
cpe:/o:siemens:simatic_process_historian_opc_ua_server_firmware	2019
cpe:/o:siemens:simatic_pdm_firmware	9.1.0.7
cpe:/o:siemens:simatic_pcs_neo_firmware
cpe:/o:siemens:simatic_pcs_7_telecontrol_firmware
cpe:/o:siemens:simatic_net_cp_1545-1_firmware	1.0
cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware	2.1
cpe:/o:siemens:simatic_net_cp_1543-1_firmware	2.2	3.0
cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware	2.1
cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware	3.1
cpe:/o:siemens:simatic_net_cp_1243-1_firmware	3.1
cpe:/o:siemens:simatic_net_cp1243-7_lte_us_firmware	3.1
cpe:/o:siemens:simatic_net_cp1243-7_lte_eu_firmware	3.1
cpe:/o:siemens:simatic_mv500_firmware
cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_firmware
cpe:/o:siemens:simatic_hmi_comfort_outdoor_panels_firmware
cpe:/o:siemens:simatic_hmi_basic_panels_2nd_generation_firmware
cpe:/o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-
cpe:/o:siemens:simatic_cp_1242-7_gprs_v2_firmware	3.1
cpe:/o:siemens:simatic_cloud_connect_7_firmware:-
cpe:/o:siemens:simatic_cloud_connect_7_firmware	1.1
cpe:/o:siemens:scalance_xr552-12_firmware	6.4
cpe:/o:siemens:scalance_xr528-6m_firmware	6.4
cpe:/o:siemens:scalance_xr526-8c_firmware	6.4
cpe:/o:siemens:scalance_xr524-8c_firmware	6.4
cpe:/o:siemens:scalance_xr-300wg_firmware	4.3
cpe:/o:siemens:scalance_xp-200_firmware	4.3
cpe:/o:siemens:scalance_xm-400_firmware	6.4
cpe:/o:siemens:scalance_xf-200ba_firmware	4.3
cpe:/o:siemens:scalance_xc-200_firmware	4.3
cpe:/o:siemens:scalance_xb-200_firmware	4.3
cpe:/o:siemens:scalance_w700_firmware	6.5
cpe:/o:siemens:scalance_w1700_firmware	2.0
cpe:/o:siemens:scalance_sc-600_firmware	2.0
cpe:/o:siemens:scalance_s627-2m_firmware	4.1
cpe:/o:siemens:scalance_s623_firmware	4.1
cpe:/o:siemens:scalance_s615_firmware	6.2
cpe:/o:siemens:scalance_s612_firmware	4.1
cpe:/o:siemens:scalance_s602_firmware	4.1
cpe:/o:siemens:scalance_m-800_firmware	6.2
cpe:/o:siemens:scalance_lpe9403_firmware
cpe:/o:siemens:ruggedcom_rcm1224_firmware	6.2
cpe:/o:freebsd:freebsd:12.2:p2
cpe:/o:freebsd:freebsd:12.2:p1
cpe:/o:freebsd:freebsd:12.2:-
cpe:/o:fedoraproject:fedora:34
cpe:/o:debian:debian_linux:9.0
cpe:/o:debian:debian_linux:10.0
cpe:/o:checkpoint:quantum_security_management_firmware:r81
cpe:/o:checkpoint:quantum_security_management_firmware:r80.40
cpe:/o:checkpoint:quantum_security_gateway_firmware:r81
cpe:/o:checkpoint:quantum_security_gateway_firmware:r80.40
cpe:/o:checkpoint:multi-domain_management_firmware:r81
cpe:/o:checkpoint:multi-domain_management_firmware:r80.40
cpe:/a:tenable:tenable.sc	5.13.0	5.17.0
cpe:/a:tenable:nessus_network_monitor:5.13.0
cpe:/a:tenable:nessus_network_monitor:5.12.1
cpe:/a:tenable:nessus_network_monitor:5.12.0
cpe:/a:tenable:nessus_network_monitor:5.11.1
cpe:/a:tenable:nessus_network_monitor:5.11.0
cpe:/a:tenable:nessus	8.13.1
cpe:/a:tenable:log_correlation_engine	6.0.9
cpe:/a:sonicwall:capture_client:3.5
cpe:/a:siemens:tia_administrator
cpe:/a:siemens:sinumerik_opc_ua_server
cpe:/a:siemens:sinema_server:14.0:sp2_update2
cpe:/a:siemens:sinema_server:14.0:sp2_update1
cpe:/a:siemens:sinema_server:14.0:sp2
cpe:/a:siemens:sinema_server:14.0:sp1
cpe:/a:siemens:sinema_server:14.0:-
cpe:/a:siemens:sinec_pni:-
cpe:/a:siemens:sinec_nms:1.0:sp1
cpe:/a:siemens:sinec_nms:1.0:-
cpe:/a:siemens:sinec_infrastructure_network_services	1.0.1.1
cpe:/a:siemens:simatic_wincc_telecontrol:-
cpe:/a:siemens:simatic_wincc_runtime_advanced
cpe:/a:siemens:simatic_logon:1.5:sp3_update_1
cpe:/a:siemens:simatic_logon	1.6.0.2
cpe:/a:oracle:zfs_storage_appliance_kit:8.8
cpe:/a:oracle:secure_global_desktop:5.6
cpe:/a:oracle:secure_backup	18.1.0.1.0
cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.59
cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.58
cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57
cpe:/a:oracle:mysql_workbench	8.0.23
cpe:/a:oracle:mysql_server	5.7.33
cpe:/a:oracle:mysql_server	8.0.15	8.0.23
cpe:/a:oracle:mysql_connectors	8.0.23
cpe:/a:oracle:jd_edwards_world_security:a9.4
cpe:/a:oracle:jd_edwards_enterpriseone_tools	9.2.6.0
cpe:/a:oracle:graalvm:21.0.0.2::enterprise~
cpe:/a:oracle:graalvm:20.3.1.2::enterprise~
cpe:/a:oracle:graalvm:19.3.5::enterprise~
cpe:/a:oracle:essbase:21.2
cpe:/a:openssl:openssl	1.1.1	1.1.1k
cpe:/a:netapp:storagegrid:-
cpe:/a:netapp:snapcenter:-
cpe:/a:netapp:santricity_smi-s_provider:-
cpe:/a:netapp:ontap_select_deploy_administration_utility:-
cpe:/a:netapp:oncommand_workflow_automation:-
cpe:/a:netapp:oncommand_insight:-
cpe:/a:netapp:e-series_performance_analyzer:-
cpe:/a:netapp:cloud_volumes_ontap_mediator:-
cpe:/a:netapp:active_iq_unified_manager:-::~vmware_vsphere
cpe:/a:mcafee:web_gateway_cloud_service:9.2.10
cpe:/a:mcafee:web_gateway_cloud_service:8.2.19
cpe:/a:mcafee:web_gateway_cloud_service:10.1.1
cpe:/a:mcafee:web_gateway:9.2.10
cpe:/a:mcafee:web_gateway:8.2.19
cpe:/a:mcafee:web_gateway:10.1.1

[witchcraze]

- CVE-2021-3449
- Suggested Configration
  - OR
     *cpe:2.3:cpe:/a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 10.0.0 up to (excluding) 10.24.1
     *cpe:2.3:cpe:/a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 12.0.0 up to (excluding) 12.22.1
     *cpe:2.3:cpe:/a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 14.0.0 up to (excluding) 14.16.1
     *cpe:2.3:cpe:/a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 15.0.0 up to (excluding) 15.14.0
- Reference
  - https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V10.md
  - https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V12.md
  - https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V14.md
  - https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V15.md
  - https://github.com/nodejs/security-wg/blob/main/vuln/core/77.json
- I Checked
  - CVE-2021-3449 is written in each CHANGELOG
  - From 77.json in seccurity-wg, same information is written