Vulnerabilities > CVE-2021-41033 - Unspecified vulnerability in Eclipse Equinox 4.21

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

eclipse

NVD

Published: 2021-09-13

Updated: 2021-09-24

Summary

In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.

Vulnerable Configurations

Part	Description	Count
Application	Eclipse Eclipse Equinox * Eclipse Equinox 4.21	2

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=575688