{"api_version":"1","generated_at":"2026-04-22T20:52:26+00:00","cve":"CVE-2021-22946","urls":{"html":"https://cve.report/CVE-2021-22946","api":"https://cve.report/api/cve/CVE-2021-22946.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22946","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22946"},"summary":{"title":"CVE-2021-22946","description":"A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.","state":"PUBLISHED","assigner":"hackerone","published_at":"2021-09-29 20:15:08","updated_at":"2026-04-16 15:16:44"},"problem_types":["CWE-325","CWE-319","CWE-325 Missing Required Cryptographic Step (CWE-325)","CWE-319 CWE-319 Cleartext Transmission of Sensitive Information"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - April 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","name":"https://www.oracle.com/security-alerts/cpuoct2021.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - October 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html","name":"https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2773-1] curl security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT213183","name":"https://support.apple.com/kb/HT213183","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"],"title":"About the security content of macOS Monterey 12.3 - Apple Support (PH)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202212-01","name":"https://security.gentoo.org/glsa/202212-01","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"curl: Multiple Vulnerabilities (GLSA 202212-01) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html","name":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 3085-1] curl security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - January 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 35 Update: curl-7.79.1-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","name":"https://www.oracle.com/security-alerts/cpujul2022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - July 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2022/dsa-5197","name":"https://www.debian.org/security/2022/dsa-5197","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-5197-1 curl","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20211029-0003/","name":"https://security.netapp.com/advisory/ntap-20211029-0003/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"September 2021 cURL/libcURL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 33 Update: curl-7.71.1-11.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://hackerone.com/reports/1334111","name":"https://hackerone.com/reports/1334111","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20220121-0008/","name":"https://security.netapp.com/advisory/ntap-20220121-0008/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"January 2022 MySQL Server Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2022/Mar/29","name":"http://seclists.org/fulldisclosure/2022/Mar/29","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-2022-03-14-4 macOS Monterey 12.3","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/","name":"FEDORA:FEDORA-2021-1d24845e93","refsource":"MITRE","tags":[],"title":"[SECURITY] Fedora 35 Update: curl-7.79.1-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/","name":"FEDORA:FEDORA-2021-fc96a3a749","refsource":"MITRE","tags":[],"title":"[SECURITY] Fedora 33 Update: curl-7.71.1-11.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22946","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22946","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"https://github.com/curl/curl","version":"affected curl 7.20.0 to and including 7.78.0","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"cloud_backup","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"clustered_data_ontap","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h300e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300e_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h300s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500e_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700e_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"oncommand_insight","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"oncommand_workflow_automation","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"snapcenter","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"solidfire_baseboard_management_controller","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"solidfire_baseboard_management_controller_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"commerce_guided_search","cpe6":"11.3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_binding_support_function","cpe6":"1.11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_binding_support_function","cpe6":"22.1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_console","cpe6":"22.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_network_function_cloud_native_environment","cpe6":"1.10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_network_repository_function","cpe6":"1.15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_network_repository_function","cpe6":"1.15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_network_repository_function","cpe6":"22.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_network_repository_function","cpe6":"22.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_network_slice_selection_function","cpe6":"1.8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_security_edge_protection_proxy","cpe6":"22.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_service_communication_proxy","cpe6":"1.15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"5.7.35","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"8.0.26","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"peoplesoft_enterprise_peopletools","cpe6":"8.57","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"peoplesoft_enterprise_peopletools","cpe6":"8.58","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"peoplesoft_enterprise_peopletools","cpe6":"8.59","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinec_infrastructure_network_services","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22946","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"splunk","cpe5":"universal_forwarder","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-22946","qid":"159446","title":"Oracle Enterprise Linux Security Update for curl (ELSA-2021-4059)"},{"cve":"CVE-2021-22946","qid":"178854","title":"Debian Security Update for curl (DLA 2773-1)"},{"cve":"CVE-2021-22946","qid":"180909","title":"Debian Security Update for curl (DSA 5197-1)"},{"cve":"CVE-2021-22946","qid":"180969","title":"Debian Security Update for curl (DLA 3085-1)"},{"cve":"CVE-2021-22946","qid":"181978","title":"Debian Security Update for curl (CVE-2021-22946)"},{"cve":"CVE-2021-22946","qid":"198501","title":"Ubuntu Security Notification for curl Vulnerabilities (USN-5079-1)"},{"cve":"CVE-2021-22946","qid":"20239","title":"Oracle MySQL January 2022 Critical Patch Update (CPUJAN2022)"},{"cve":"CVE-2021-22946","qid":"239769","title":"Red Hat Update for curl (RHSA-2021:4059)"},{"cve":"CVE-2021-22946","qid":"240097","title":"Red Hat Update for curl (RHSA-2022:0635)"},{"cve":"CVE-2021-22946","qid":"240217","title":"Red Hat Update for rh-dotnet31-curl (RHSA-2022:1354)"},{"cve":"CVE-2021-22946","qid":"281920","title":"Fedora Security Update for curl (FEDORA-2021-c5584b92d4)"},{"cve":"CVE-2021-22946","qid":"281955","title":"Fedora Security Update for curl (FEDORA-2021-fc96a3a749)"},{"cve":"CVE-2021-22946","qid":"296063","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 45.119.2 Missing (CPUAPR2022)"},{"cve":"CVE-2021-22946","qid":"296065","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)"},{"cve":"CVE-2021-22946","qid":"352874","title":"Amazon Linux Security Advisory for curl : ALAS-2021-1549"},{"cve":"CVE-2021-22946","qid":"353082","title":"Amazon Linux Security Advisory for curl : ALAS2-2021-1724"},{"cve":"CVE-2021-22946","qid":"376257","title":"Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUJAN2022)"},{"cve":"CVE-2021-22946","qid":"376485","title":"Apple MacOS Monterey 12.3 Not Installed (HT213183)"},{"cve":"CVE-2021-22946","qid":"376968","title":"NetApp Clustered Data Open Network Technology for Appliance Products (ONTAP) Disclosure of Sensitive Information Vulnerability (NTAP-20211029-0003)"},{"cve":"CVE-2021-22946","qid":"377396","title":"Alibaba Cloud Linux Security Update for curl (ALINUX3-SA-2021:0078)"},{"cve":"CVE-2021-22946","qid":"378599","title":"Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)"},{"cve":"CVE-2021-22946","qid":"378883","title":"Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)"},{"cve":"CVE-2021-22946","qid":"500137","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2021-22946","qid":"503788","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2021-22946","qid":"591406","title":"Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)"},{"cve":"CVE-2021-22946","qid":"671144","title":"EulerOS Security Update for curl (EulerOS-SA-2021-2798)"},{"cve":"CVE-2021-22946","qid":"671196","title":"EulerOS Security Update for curl (EulerOS-SA-2022-1023)"},{"cve":"CVE-2021-22946","qid":"671202","title":"EulerOS Security Update for curl (EulerOS-SA-2022-1003)"},{"cve":"CVE-2021-22946","qid":"671299","title":"EulerOS Security Update for curl (EulerOS-SA-2022-1202)"},{"cve":"CVE-2021-22946","qid":"671303","title":"EulerOS Security Update for curl (EulerOS-SA-2022-1221)"},{"cve":"CVE-2021-22946","qid":"690014","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for curl (c9221ec9-17a2-11ec-b335-d4c9ef517024)"},{"cve":"CVE-2021-22946","qid":"690780","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (7262f826-795e-11ec-8be6-d4c9ef517024)"},{"cve":"CVE-2021-22946","qid":"710693","title":"Gentoo Linux curl Multiple Vulnerabilities (GLSA 202212-01)"},{"cve":"CVE-2021-22946","qid":"730371","title":"McAfee Web Gateway Multiple Vulnerabilities (WP-3335,WP-4131,WP-4159,WP-4237,WP-4259,WP-4329,WP-4348,WP-4355,WP-4376,WP-4407,WP-4421)"},{"cve":"CVE-2021-22946","qid":"751197","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2021:3297-1)"},{"cve":"CVE-2021-22946","qid":"751205","title":"OpenSUSE Security Update for curl (openSUSE-SU-2021:3298-1)"},{"cve":"CVE-2021-22946","qid":"751208","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2021:3332-1)"},{"cve":"CVE-2021-22946","qid":"751213","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2021:3351-1)"},{"cve":"CVE-2021-22946","qid":"751243","title":"OpenSUSE Security Update for curl (openSUSE-SU-2021:1384-1)"},{"cve":"CVE-2021-22946","qid":"900389","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (5943)"},{"cve":"CVE-2021-22946","qid":"901538","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (6365-1)"},{"cve":"CVE-2021-22946","qid":"940005","title":"AlmaLinux Security Update for curl (ALSA-2021:4059)"},{"cve":"CVE-2021-22946","qid":"960062","title":"Rocky Linux Security Update for curl (RLSA-2021:4059)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-03T18:58:26.135Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://hackerone.com/reports/1334111"},{"name":"[debian-lts-announce] 20210930 [SECURITY] [DLA 2773-1] curl security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"},{"name":"FEDORA-2021-fc96a3a749","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"},{"tags":["x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"name":"FEDORA-2021-1d24845e93","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"},{"tags":["x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"tags":["x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20211029-0003/"},{"tags":["x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20220121-0008/"},{"name":"20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Mar/29"},{"tags":["x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"tags":["x_transferred"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"tags":["x_transferred"],"url":"https://support.apple.com/kb/HT213183"},{"tags":["x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"name":"DSA-5197","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2022/dsa-5197"},{"name":"[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"},{"name":"GLSA-202212-01","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202212-01"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2021-22946","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-16T13:53:35.942299Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-319","description":"CWE-319 Cleartext Transmission of Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-16T13:53:47.481Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"https://github.com/curl/curl","vendor":"n/a","versions":[{"status":"affected","version":"curl 7.20.0 to and including 7.78.0"}]}],"descriptions":[{"lang":"en","value":"A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-325","description":"Missing Required Cryptographic Step (CWE-325)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-12-19T00:00:00.000Z","orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone"},"references":[{"url":"https://hackerone.com/reports/1334111"},{"name":"[debian-lts-announce] 20210930 [SECURITY] [DLA 2773-1] curl security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"},{"name":"FEDORA-2021-fc96a3a749","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"name":"FEDORA-2021-1d24845e93","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"url":"https://security.netapp.com/advisory/ntap-20211029-0003/"},{"url":"https://security.netapp.com/advisory/ntap-20220121-0008/"},{"name":"20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Mar/29"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"url":"https://support.apple.com/kb/HT213183"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"name":"DSA-5197","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2022/dsa-5197"},{"name":"[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"},{"name":"GLSA-202212-01","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202212-01"}]}},"cveMetadata":{"assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","assignerShortName":"hackerone","cveId":"CVE-2021-22946","datePublished":"2021-09-29T00:00:00.000Z","dateReserved":"2021-01-06T00:00:00.000Z","dateUpdated":"2026-04-16T13:53:47.481Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2021-09-29 20:15:08","lastModifiedDate":"2026-04-16 15:16:44","problem_types":["CWE-325","CWE-319","CWE-325 Missing Required Cryptographic Step (CWE-325)","CWE-319 CWE-319 Cleartext Transmission of Sensitive Information"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.20.0","versionEndExcluding":"7.79.0","matchCriteriaId":"4CACB6A8-0CF6-4283-BB33-FE3B0026A23E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","matchCriteriaId":"E460AA51-FCDA-46B9-AE97-E6676AA5E194"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","matchCriteriaId":"5C2089EE-5D7F-47EC-8EA5-0F69790564C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","matchCriteriaId":"1FE996B1-6951-4F85-AA58-B99A379D2163"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","matchCriteriaId":"F1BE6C1F-2565-4E97-92AA-16563E5660A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","matchCriteriaId":"5735E553-9731-4AAC-BCFF-989377F817B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*","matchCriteriaId":"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6770B6C3-732E-4E22-BF1C-2D2FD610061C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","matchCriteriaId":"9F9C8C20-42EB-4AB5-BD97-212DEB070C43"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7FFF7106-ED78-49BA-9EC5-B889E3685D53"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","matchCriteriaId":"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"56409CEC-5A1E-4450-AA42-641E459CC2AF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","matchCriteriaId":"B06F4839-D16A-4A61-9BB5-55B13F41E47F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"108A2215-50FB-4074-94CF-C130FA14566D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*","matchCriteriaId":"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"32F0B6C0-F930-480D-962B-3F4EFDCC13C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*","matchCriteriaId":"803BC414-B250-4E3A-A478-A3881340D6B8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0FEB3337-BFDE-462A-908B-176F92053CEC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*","matchCriteriaId":"736AEAE9-782B-4F71-9893-DED53367E102"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D0B4AD8A-F172-4558-AEC6-FF424BA2D912"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","matchCriteriaId":"8497A4C9-8474-4A62-8331-3FE862ED4098"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FB9B8171-F6CA-427D-81E0-6536D3BBFA8D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"090AA6F4-4404-4E26-82AB-C3A22636F276"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*","matchCriteriaId":"10323322-F6C0-4EA7-9344-736F7A80AA5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*","matchCriteriaId":"C2A5B24D-BDF2-423C-98EA-A40778C01A05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"6F60E32F-0CA0-4C2D-9848-CB92765A9ACB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*","matchCriteriaId":"DF616620-88CE-4A77-B904-C1728A2E6F9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"3AA09838-BF13-46AC-BB97-A69F48B73A8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"175B97A7-0B00-4378-AD9F-C01B6D9FD570"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.35","matchCriteriaId":"E667933A-37EA-4BC2-9180-C3B4B7038866"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.0.26","matchCriteriaId":"709E83B4-8C66-4255-870B-2F72B37BA8C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","matchCriteriaId":"7E1E416B-920B-49A0-9523-382898C2979D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*","matchCriteriaId":"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*","matchCriteriaId":"C8AF00C6-B97F-414D-A8DF-057E6BFD8597"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"12.3","matchCriteriaId":"9060C1B6-F101-46AE-8B08-6D6951304916"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1.1","matchCriteriaId":"B0F46497-4AB0-49A7-9453-CC26837BF253"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*","matchCriteriaId":"2A3622F5-5976-4BBC-A147-FC8A6431EA79"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*","matchCriteriaId":"6EDB6772-7FDB-45FF-8D72-952902A7EE56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*","matchCriteriaId":"3C2BC68D-C8B2-4C8B-9426-21F00CBDD873"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B61A7946-F554-44A9-9E41-86114E4B4914"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*","matchCriteriaId":"EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.12","matchCriteriaId":"5722E753-75DE-4944-A11B-556CB299B57D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.6","matchCriteriaId":"DC0F9351-81A4-4FEA-B6B5-6E960A933D32"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22946","Ordinal":"1","Title":"CVE-2021-22946","CVE":"CVE-2021-22946","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22946","Ordinal":"1","NoteData":"A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.","Type":"Description","Title":"CVE-2021-22946"},{"CveYear":"2021","CveId":"22946","Ordinal":"2","NoteData":"2021-09-29","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"22946","Ordinal":"3","NoteData":"2022-02-07","Type":"Other","Title":"Modified"}]}}}