What is CVE-2021-29842?

CVE-2021-29842 is a vulnerability in IBM WebSphere Application Server that allows a remote user to enumerate usernames.

What is the severity of CVE-2021-29842?

The severity of CVE-2021-29842 is medium with a CVSS score of 5.3.

How can a remote user exploit CVE-2021-29842?

A remote user can exploit CVE-2021-29842 by enumerating usernames through a difference in responses from valid and invalid login attempts.

Where can I find more information about CVE-2021-29842?

You can find more information about CVE-2021-29842 on the IBM X-Force ID page (https://exchange.xforce.ibmcloud.com/vulnerabilities/205202) and the IBM support page (https://www.ibm.com/support/pages/node/6489485).

Vulnerability/
CVE-2021-29842

medium

5.3

CWE

307

15/9/2021

16/9/2021

17/9/2024

CVE-2021-29842

Q: Which versions of IBM WebSphere Application Server are affected by CVE-2021-29842?

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty 17.0.0.3 through 21.0.0.9 are affected by CVE-2021-29842.

First published: Wed Sep 15 2021(Updated: )

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Websphere Application Server	>=7.0.0.0<=7.0.0.45
Ibm Websphere Application Server	>=8.0.0.0<=8.0.0.15
Ibm Websphere Application Server	>=8.5<=8.5.5.20
Ibm Websphere Application Server	>=9.0.0.0<=9.0.5.9
Ibm Websphere Application Server	>=17.0.0.3<=21.0.0.9
	<=9.0
	<=8.5
	<=8.0
	<=7.0
	<=17.0.0.3 - 21.0.0.9

Remedy

https://www.ibm.com/support/pages/node/6489485

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6489485

Frequently Asked Questions

What is CVE-2021-29842?
CVE-2021-29842 is a vulnerability in IBM WebSphere Application Server that allows a remote user to enumerate usernames.
Which versions of IBM WebSphere Application Server are affected by CVE-2021-29842?
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty 17.0.0.3 through 21.0.0.9 are affected by CVE-2021-29842.
What is the severity of CVE-2021-29842?
The severity of CVE-2021-29842 is medium with a CVSS score of 5.3.
How can a remote user exploit CVE-2021-29842?
A remote user can exploit CVE-2021-29842 by enumerating usernames through a difference in responses from valid and invalid login attempts.
Where can I find more information about CVE-2021-29842?
You can find more information about CVE-2021-29842 on the IBM X-Force ID page (https://exchange.xforce.ibmcloud.com/vulnerabilities/205202) and the IBM support page (https://www.ibm.com/support/pages/node/6489485).

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/remedy
agent/severity
agent/weakness
agent/author
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/description
agent/event
vendor/ibm
canonical/ibm websphere application server
version/ibm websphere application server/7.0.0.0
version/ibm websphere application server/7.0.0.45
version/ibm websphere application server/8.0.0.0
version/ibm websphere application server/8.0.0.15
version/ibm websphere application server/8.5
version/ibm websphere application server/8.5.5.20
version/ibm websphere application server/9.0.0.0
version/ibm websphere application server/9.0.5.9
version/ibm websphere application server/17.0.0.3
version/ibm websphere application server/21.0.0.9
version/ibm websphere application server/9.0
version/ibm websphere application server/8.0
version/ibm websphere application server/7.0
canonical/ibm websphere application server liberty
version/ibm websphere application server liberty/17.0.0.3 - 21.0.0.9