Vulnerability Details
Basic Information
| Title | Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications (CVE-2021-33517, CVE-2021-36090) |
|---|---|
| Type | ibm |
| Published | 2025-04-28T20:41:23 |
| Last Seen | 2025-04-29T02:56:49 |
| CVSS Score | 7.5 (HIGH) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2021-33517, CVE-2021-36090 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
Multiple Vulnerabilities in Apache Commons Compress affect IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications (CVE-2021-33517, CVE-2021-36090)
## Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
## Affected Products and Versions
Affected Product(s) and Version(s) | Affecting Product(s) and Version(s)
—|—
IBM Cloud Pak for Applications
* v4.3.1
| IBM WebSphere Application Server Liberty
* 17.0.0.3 – 21.0.0.9
## Remediation/Fixes
The recommended solution is to apply the interim fix or Fix Pack containing APAR PH39418 for each named product as soon as practical.
Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty (CVE-2021-33517, CVE-2021-36090)
## Workarounds and Mitigations
None
##
Impact Assessment
| Base Score | 7.5 |
|---|---|
| Severity | HIGH |