Cyber Resilience

CVE-2021-30129

Medium

Published: 12 July 2021

Published
12 July 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0024 47.0th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-30129 is a medium-severity Missing Release of Resource after Effective Lifetime (CWE-772) vulnerability in Oracle Middleware Common Libraries And Tools. Its CVSS base score is 6.5 (Medium).

Operationally, ranked at the 47.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed…

more

in Apache Mina SSHD 2.7.0

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apache
sshd
2.0.0 — 2.7.0
oracle
banking payments
14.5
oracle
banking trade finance
14.5
oracle
banking treasury management
14.5
oracle
communications cloud native core console
1.9.0
oracle
flexcube universal banking
14.5 · 14.0.0 — 14.3.0
oracle
middleware common libraries and tools
12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
oracle
oss support tools
2.12.42
oracle
retail customer management and segmentation foundation
18.0, 19.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-772

Ensures network resources are released once the session ends or becomes inactive, closing the window for missing-release weaknesses.

References