Vulnerabilites related to Oracle - Application Testing Suite
var-201804-1675
Vulnerability from variot
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. Spring Framework Contains a path traversal vulnerability.Information may be obtained. Pivotal Spring Framework is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. A remote attacker could exploit this issue using directory-traversal characters ('../') to access arbitrary files that contain sensitive information. Information harvested may aid in launching further attacks. ### Affected Pivotal Products and Versions * Severity is high unless otherwise noted. Note also that this attack does not apply to applications that: Do not... -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Fuse 7.1 security update Advisory ID: RHSA-2018:2669-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2018:2669 Issue date: 2018-09-11 Cross references: RHBA-2018:2665-04 CVE Names: CVE-2014-0114 CVE-2016-5397 CVE-2016-1000338 CVE-2016-1000339 CVE-2016-1000340 CVE-2016-1000341 CVE-2016-1000342 CVE-2016-1000343 CVE-2016-1000344 CVE-2016-1000345 CVE-2016-1000346 CVE-2016-1000352 CVE-2017-14063 CVE-2018-1114 CVE-2018-1271 CVE-2018-1272 CVE-2018-1338 CVE-2018-1339 CVE-2018-8036 CVE-2018-8088 CVE-2018-1000129 CVE-2018-1000130 CVE-2018-1000180 ==================================================================== 1. Summary:
An update is now available for Red Hat Fuse.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.
This release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse 7.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
Apache Struts 1: Class Loader manipulation via request parameters (CVE-2014-0114)
-
thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)
-
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
-
jolokia: JMX proxy mode vulnerable to remote code execution (CVE-2018-1000130)
-
bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data (CVE-2016-1000338)
-
bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)
-
bouncycastle: Information exposure in DSA signature generation via timing attack (CVE-2016-1000341)
-
bouncycastle: ECDSA improper validation of ASN.1 encoding of signature (CVE-2016-1000342)
-
bouncycastle: DHIES implementation allowed the use of ECB mode (CVE-2016-1000344)
-
bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack (CVE-2016-1000345)
-
bouncycastle: Other party DH public keys are not fully validated (CVE-2016-1000346)
-
bouncycastle: ECIES implementation allowed the use of ECB mode (CVE-2016-1000352)
-
async-http-client: Invalid URL parsing with '?' (CVE-2017-14063)
-
undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)
-
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
-
tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service (CVE-2018-1338)
-
tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service (CVE-2018-1339)
-
pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF (CVE-2018-8036)
-
jolokia: Cross site scripting in the HTTP servlet (CVE-2018-1000129)
-
bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
-
bouncycastle: Carry propagation bug in math.raw.Nat??? class (CVE-2016-1000340)
-
bouncycastle: DSA key pair generator generates a weak private key by default (CVE-2016-1000343)
-
spring-framework: Multipart content pollution (CVE-2018-1272)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting CVE-2018-8088.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are located in the download section of the customer portal.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters 1487563 - CVE-2017-14063 async-http-client: Invalid URL parsing with '?' 1544620 - CVE-2016-5397 thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands 1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution 1559316 - CVE-2018-1000130 jolokia: JMX proxy mode vulnerable to remote code execution 1559317 - CVE-2018-1000129 jolokia: Cross site scripting in the HTTP servlet 1564408 - CVE-2018-1272 spring-framework: Multipart content pollution 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems 1572421 - CVE-2018-1338 tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service 1572424 - CVE-2018-1339 tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service 1573045 - CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service 1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator 1588313 - CVE-2016-1000338 bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data 1588314 - CVE-2016-1000344 bouncycastle: DHIES implementation allowed the use of ECB mode 1588323 - CVE-2016-1000345 bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack 1588327 - CVE-2016-1000346 bouncycastle: Other party DH public keys are not fully validated 1588330 - CVE-2016-1000352 bouncycastle: ECIES implementation allowed the use of ECB mode 1588688 - CVE-2016-1000340 bouncycastle: Carry propagation bug in math.raw.Nat??? class 1588695 - CVE-2016-1000339 bouncycastle: Information leak in AESFastEngine class 1588708 - CVE-2016-1000341 bouncycastle: Information exposure in DSA signature generation via timing attack 1588715 - CVE-2016-1000342 bouncycastle: ECDSA improper validation of ASN.1 encoding of signature 1588721 - CVE-2016-1000343 bouncycastle: DSA key pair generator generates a weak private key by default 1597490 - CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF
- References:
https://access.redhat.com/security/cve/CVE-2014-0114 https://access.redhat.com/security/cve/CVE-2016-5397 https://access.redhat.com/security/cve/CVE-2016-1000338 https://access.redhat.com/security/cve/CVE-2016-1000339 https://access.redhat.com/security/cve/CVE-2016-1000340 https://access.redhat.com/security/cve/CVE-2016-1000341 https://access.redhat.com/security/cve/CVE-2016-1000342 https://access.redhat.com/security/cve/CVE-2016-1000343 https://access.redhat.com/security/cve/CVE-2016-1000344 https://access.redhat.com/security/cve/CVE-2016-1000345 https://access.redhat.com/security/cve/CVE-2016-1000346 https://access.redhat.com/security/cve/CVE-2016-1000352 https://access.redhat.com/security/cve/CVE-2017-14063 https://access.redhat.com/security/cve/CVE-2018-1114 https://access.redhat.com/security/cve/CVE-2018-1271 https://access.redhat.com/security/cve/CVE-2018-1272 https://access.redhat.com/security/cve/CVE-2018-1338 https://access.redhat.com/security/cve/CVE-2018-1339 https://access.redhat.com/security/cve/CVE-2018-8036 https://access.redhat.com/security/cve/CVE-2018-8088 https://access.redhat.com/security/cve/CVE-2018-1000129 https://access.redhat.com/security/cve/CVE-2018-1000130 https://access.redhat.com/security/cve/CVE-2018-1000180 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.1.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.1/ https://access.redhat.com/articles/2939351
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW5d0pdzjgjWX9erEAQg6Yw//dFPzbxBQz8m4jwPwRjNmTDM/tTOnxZSt MTqjRp8zX80qhQVMlVj7d9TQLX25bR9Vx4//Kktu3EIsON+ddxy+LZQBlX7l4XMy SP8FGfSp+GV6jiS+aOoRw+NaE8omM8AwYi0Clv562FIcM8qiqGt+O/QK0peN5JYA COa/6uSPsNftk7Sq3aQ0jWV35L92r2S1FeIg6FGanyqLO1Y+sKePY5T5HRSNpp06 lh00QeAdYlcGrIBbsQnds4uHW5PPrS7HoafCEuIPdCDoCjZTms3i9K3f57ZQ6ojn mpKaQgiWVPGenzAIh+JzFaMWTdMwVt6nDPuSt9SC6uDC20c+ffBjjsC2w0Bh/bVr yxas3NTobxggV8lN0PF0MHx776QtRyc+XukUZ+7FPm6irhfqMVBkUrD95s/qjNNF KNm8Nsz+HFqwaP0XCkfiBTPZs5yWf83KA/Qw9MOoJGVLXF28wzrELxPl8eMizCtX MCfop2FzGCCMkanRHMzZ+RkFQ9+wN+WHw1UXiANEaM+55yGfIWhqYOH2zQZzByNY YdKlSrAw2jvODvawFclMYG+zD97pr1VMvLb8W8uUiqRwKnsu303EtTk+IyTCcoS9 KDczeRZr/X98Ww0gXOEnUcVsTby6fhbtIgUbPt/3obsV6joyaHf5/mHj49uPluva TLag+xVs1p4=vq4F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
-
spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)
-
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
-
tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
-
tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
-
spring-framework: Multipart content pollution (CVE-2018-1272)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users 1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources 1564408 - CVE-2018-1272 spring-framework: Multipart content pollution 1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1675",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.2"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.3"
},
{
"model": "communications performance intelligence center",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "tape library acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "4.3.15"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1"
},
{
"model": "big data discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.2"
},
{
"model": "insurance calculation engine",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.0"
},
{
"model": "communications services gatekeeper",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.0.4.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0.3"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.1"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.5"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail point-of-sale",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "communications converged application server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.1"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "retail point-of-sale",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.1.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.4"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.2"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2.0.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.0.1"
},
{
"model": "insurance calculation engine",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1.1"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications diameter signaling router",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.0"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "4.3.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.4"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "4.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.8,
"vendor": "pivotal",
"version": "4.3.15"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0.5"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.1"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.4"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.2.9"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.14"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3"
},
{
"model": "spring framework",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0.5"
},
{
"model": "spring framework",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.15"
}
],
"sources": [
{
"db": "BID",
"id": "103699"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003098"
},
{
"db": "NVD",
"id": "CVE-2018-1271"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-244"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3.15",
"versionStartIncluding": "4.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.0.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1271"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Orange Tsai (@orange_8361) from DEVCORE.",
"sources": [
{
"db": "BID",
"id": "103699"
}
],
"trust": 0.3
},
"cve": "CVE-2018-1271",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-1271",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-122696",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-1271",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-1271",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-244",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-122696",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-1271",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122696"
},
{
"db": "VULMON",
"id": "CVE-2018-1271"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003098"
},
{
"db": "NVD",
"id": "CVE-2018-1271"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-244"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. Spring Framework Contains a path traversal vulnerability.Information may be obtained. Pivotal Spring Framework is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. \nA remote attacker could exploit this issue using directory-traversal characters (\u0027../\u0027) to access arbitrary files that contain sensitive information. Information harvested may aid in launching further attacks. ### Affected Pivotal Products and Versions * Severity is high unless otherwise noted. Note also that this attack does not apply to applications that: Do not... -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Fuse 7.1 security update\nAdvisory ID: RHSA-2018:2669-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2669\nIssue date: 2018-09-11\nCross references: RHBA-2018:2665-04\nCVE Names: CVE-2014-0114 CVE-2016-5397 CVE-2016-1000338\n CVE-2016-1000339 CVE-2016-1000340 CVE-2016-1000341\n CVE-2016-1000342 CVE-2016-1000343 CVE-2016-1000344\n CVE-2016-1000345 CVE-2016-1000346 CVE-2016-1000352\n CVE-2017-14063 CVE-2018-1114 CVE-2018-1271\n CVE-2018-1272 CVE-2018-1338 CVE-2018-1339\n CVE-2018-8036 CVE-2018-8088 CVE-2018-1000129\n CVE-2018-1000130 CVE-2018-1000180\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Fuse. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform. \n\nThis release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse\n7.0, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* Apache Struts 1: Class Loader manipulation via request parameters\n(CVE-2014-0114)\n\n* thrift: Improper file path sanitization in\nt_go_generator.cc:format_go_output() of the go client library can allow an\nattacker to inject commands (CVE-2016-5397)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow\nfor arbitrary code execution (CVE-2018-8088)\n\n* jolokia: JMX proxy mode vulnerable to remote code execution\n(CVE-2018-1000130)\n\n* bouncycastle: DSA does not fully validate ASN.1 encoding during signature\nverification allowing for injection of unsigned data (CVE-2016-1000338)\n\n* bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)\n\n* bouncycastle: Information exposure in DSA signature generation via timing\nattack (CVE-2016-1000341)\n\n* bouncycastle: ECDSA improper validation of ASN.1 encoding of signature\n(CVE-2016-1000342)\n\n* bouncycastle: DHIES implementation allowed the use of ECB mode\n(CVE-2016-1000344)\n\n* bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle\nattack (CVE-2016-1000345)\n\n* bouncycastle: Other party DH public keys are not fully validated\n(CVE-2016-1000346)\n\n* bouncycastle: ECIES implementation allowed the use of ECB mode\n(CVE-2016-1000352)\n\n* async-http-client: Invalid URL parsing with \u0027?\u0027 (CVE-2017-14063)\n\n* undertow: File descriptor leak caused by\nJarURLConnection.getLastModified() allows attacker to cause a denial of\nservice (CVE-2018-1114)\n\n* spring-framework: Directory traversal vulnerability with static resources\non Windows filesystems (CVE-2018-1271)\n\n* tika: Infinite loop in BPGParser can allow remote attacker to cause a\ndenial of service (CVE-2018-1338)\n\n* tika: Infinite loop in ChmParser can allow remote attacker to cause a\ndenial of service (CVE-2018-1339)\n\n* pdfbox: Infinite loop in AFMParser.java allows for out of memory erros\nvia crafted PDF (CVE-2018-8036)\n\n* jolokia: Cross site scripting in the HTTP servlet (CVE-2018-1000129)\n\n* bouncycastle: flaw in the low-level interface to RSA key pair generator\n(CVE-2018-1000180)\n\n* bouncycastle: Carry propagation bug in math.raw.Nat??? class\n(CVE-2016-1000340)\n\n* bouncycastle: DSA key pair generator generates a weak private key by\ndefault (CVE-2016-1000343)\n\n* spring-framework: Multipart content pollution (CVE-2018-1272)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Chris McCown for reporting CVE-2018-8088. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters\n1487563 - CVE-2017-14063 async-http-client: Invalid URL parsing with \u0027?\u0027\n1544620 - CVE-2016-5397 thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands\n1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution\n1559316 - CVE-2018-1000130 jolokia: JMX proxy mode vulnerable to remote code execution\n1559317 - CVE-2018-1000129 jolokia: Cross site scripting in the HTTP servlet\n1564408 - CVE-2018-1272 spring-framework: Multipart content pollution\n1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems\n1572421 - CVE-2018-1338 tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service\n1572424 - CVE-2018-1339 tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service\n1573045 - CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service\n1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator\n1588313 - CVE-2016-1000338 bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data\n1588314 - CVE-2016-1000344 bouncycastle: DHIES implementation allowed the use of ECB mode\n1588323 - CVE-2016-1000345 bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack\n1588327 - CVE-2016-1000346 bouncycastle: Other party DH public keys are not fully validated\n1588330 - CVE-2016-1000352 bouncycastle: ECIES implementation allowed the use of ECB mode\n1588688 - CVE-2016-1000340 bouncycastle: Carry propagation bug in math.raw.Nat??? class\n1588695 - CVE-2016-1000339 bouncycastle: Information leak in AESFastEngine class\n1588708 - CVE-2016-1000341 bouncycastle: Information exposure in DSA signature generation via timing attack\n1588715 - CVE-2016-1000342 bouncycastle: ECDSA improper validation of ASN.1 encoding of signature\n1588721 - CVE-2016-1000343 bouncycastle: DSA key pair generator generates a weak private key by default\n1597490 - CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-0114\nhttps://access.redhat.com/security/cve/CVE-2016-5397\nhttps://access.redhat.com/security/cve/CVE-2016-1000338\nhttps://access.redhat.com/security/cve/CVE-2016-1000339\nhttps://access.redhat.com/security/cve/CVE-2016-1000340\nhttps://access.redhat.com/security/cve/CVE-2016-1000341\nhttps://access.redhat.com/security/cve/CVE-2016-1000342\nhttps://access.redhat.com/security/cve/CVE-2016-1000343\nhttps://access.redhat.com/security/cve/CVE-2016-1000344\nhttps://access.redhat.com/security/cve/CVE-2016-1000345\nhttps://access.redhat.com/security/cve/CVE-2016-1000346\nhttps://access.redhat.com/security/cve/CVE-2016-1000352\nhttps://access.redhat.com/security/cve/CVE-2017-14063\nhttps://access.redhat.com/security/cve/CVE-2018-1114\nhttps://access.redhat.com/security/cve/CVE-2018-1271\nhttps://access.redhat.com/security/cve/CVE-2018-1272\nhttps://access.redhat.com/security/cve/CVE-2018-1338\nhttps://access.redhat.com/security/cve/CVE-2018-1339\nhttps://access.redhat.com/security/cve/CVE-2018-8036\nhttps://access.redhat.com/security/cve/CVE-2018-8088\nhttps://access.redhat.com/security/cve/CVE-2018-1000129\nhttps://access.redhat.com/security/cve/CVE-2018-1000130\nhttps://access.redhat.com/security/cve/CVE-2018-1000180\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=7.1.0\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.1/\nhttps://access.redhat.com/articles/2939351\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW5d0pdzjgjWX9erEAQg6Yw//dFPzbxBQz8m4jwPwRjNmTDM/tTOnxZSt\nMTqjRp8zX80qhQVMlVj7d9TQLX25bR9Vx4//Kktu3EIsON+ddxy+LZQBlX7l4XMy\nSP8FGfSp+GV6jiS+aOoRw+NaE8omM8AwYi0Clv562FIcM8qiqGt+O/QK0peN5JYA\nCOa/6uSPsNftk7Sq3aQ0jWV35L92r2S1FeIg6FGanyqLO1Y+sKePY5T5HRSNpp06\nlh00QeAdYlcGrIBbsQnds4uHW5PPrS7HoafCEuIPdCDoCjZTms3i9K3f57ZQ6ojn\nmpKaQgiWVPGenzAIh+JzFaMWTdMwVt6nDPuSt9SC6uDC20c+ffBjjsC2w0Bh/bVr\nyxas3NTobxggV8lN0PF0MHx776QtRyc+XukUZ+7FPm6irhfqMVBkUrD95s/qjNNF\nKNm8Nsz+HFqwaP0XCkfiBTPZs5yWf83KA/Qw9MOoJGVLXF28wzrELxPl8eMizCtX\nMCfop2FzGCCMkanRHMzZ+RkFQ9+wN+WHw1UXiANEaM+55yGfIWhqYOH2zQZzByNY\nYdKlSrAw2jvODvawFclMYG+zD97pr1VMvLb8W8uUiqRwKnsu303EtTk+IyTCcoS9\nKDczeRZr/X98Ww0gXOEnUcVsTby6fhbtIgUbPt/3obsV6joyaHf5/mHj49uPluva\nTLag+xVs1p4=vq4F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. For further\ninformation, refer to the Release Notes linked to in the References\nsection. \n\nSecurity Fix(es):\n\n* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)\n\n* spring-framework: Directory traversal vulnerability with static resources\non Windows filesystems (CVE-2018-1271)\n\n* tomcat: Incorrect handling of empty string URL in security constraints\ncan lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource\nexposure for unauthorised users (CVE-2018-1305)\n\n* spring-framework: Multipart content pollution (CVE-2018-1272)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users\n1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources\n1564408 - CVE-2018-1272 spring-framework: Multipart content pollution\n1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270\n1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1271"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003098"
},
{
"db": "BID",
"id": "103699"
},
{
"db": "VULHUB",
"id": "VHN-122696"
},
{
"db": "VULMON",
"id": "CVE-2018-1271"
},
{
"db": "PACKETSTORM",
"id": "149311"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "PACKETSTORM",
"id": "147489"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-122696",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122696"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1271",
"trust": 3.2
},
{
"db": "BID",
"id": "103699",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003098",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0544",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201804-244",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "147489",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-97483",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-122696",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1271",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149311",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149847",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122696"
},
{
"db": "VULMON",
"id": "CVE-2018-1271"
},
{
"db": "BID",
"id": "103699"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003098"
},
{
"db": "PACKETSTORM",
"id": "149311"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "PACKETSTORM",
"id": "147489"
},
{
"db": "NVD",
"id": "CVE-2018-1271"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-244"
}
]
},
"id": "VAR-201804-1675",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122696"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:35:15.335000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-1271: Directory Traversal with Spring MVC on Windows",
"trust": 0.8,
"url": "https://pivotal.io/security/cve-2018-1271"
},
{
"title": "Pivotal Spring Framework Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83087"
},
{
"title": "Red Hat: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182939 - security advisory"
},
{
"title": "Red Hat: Important: Fuse 7.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182669 - security advisory"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "Vulnerability_Environment",
"trust": 0.1,
"url": "https://github.com/x-f1v3/vulnerability_environment "
},
{
"title": "Poc-Exp",
"trust": 0.1,
"url": "https://github.com/0wlsec/poc-exp "
},
{
"title": "Poc-Exp",
"trust": 0.1,
"url": "https://github.com/pen4uin/poc-exp "
},
{
"title": "gocarts",
"trust": 0.1,
"url": "https://github.com/tomoyamachi/gocarts "
},
{
"title": "nuclei-templates",
"trust": 0.1,
"url": "https://github.com/projectdiscovery/nuclei-templates "
},
{
"title": "cybsec",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
},
{
"title": "pt",
"trust": 0.1,
"url": "https://github.com/superfish9/pt "
},
{
"title": "vulnerability-lab",
"trust": 0.1,
"url": "https://github.com/pen4uin/vulnerability-lab "
},
{
"title": "Vulnerability_Research",
"trust": 0.1,
"url": "https://github.com/pen4uin/vulnerability_research "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/merlinepedra25/nuclei-templates "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/pen4uin/awesome-vulnerability-research "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/merlinepedra/nuclei-templates "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/pen4uin/vulnerability-research-list "
},
{
"title": "nuclei-templates",
"trust": 0.1,
"url": "https://github.com/storenth/nuclei-templates "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/pen4uin/vulnerability-research "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/elsfa7-110/kenzer-templates "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1271"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003098"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-244"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122696"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003098"
},
{
"db": "NVD",
"id": "CVE-2018-1271"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/103699"
},
{
"trust": 2.1,
"url": "https://pivotal.io/security/cve-2018-1271"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:1320"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2669"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2939"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1271"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1271"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75922"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"trust": 0.3,
"url": "http://pivotal.io/"
},
{
"trust": 0.3,
"url": "http://www.springframework.org/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-1271"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1272"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1272"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1305"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1275"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1275"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1305"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57443"
},
{
"trust": 0.1,
"url": "https://github.com/x-f1v3/vulnerability_environment"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5397"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14063"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000342"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000346"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000339"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=distributions\u0026version=7.1.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2939351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000339"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8036"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8088"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5397"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1260"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-7489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7489"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1270"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3060411"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.spring.boot\u0026version=1.5.12"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122696"
},
{
"db": "VULMON",
"id": "CVE-2018-1271"
},
{
"db": "BID",
"id": "103699"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003098"
},
{
"db": "PACKETSTORM",
"id": "149311"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "PACKETSTORM",
"id": "147489"
},
{
"db": "NVD",
"id": "CVE-2018-1271"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-244"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122696"
},
{
"db": "VULMON",
"id": "CVE-2018-1271"
},
{
"db": "BID",
"id": "103699"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003098"
},
{
"db": "PACKETSTORM",
"id": "149311"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "PACKETSTORM",
"id": "147489"
},
{
"db": "NVD",
"id": "CVE-2018-1271"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-244"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-122696"
},
{
"date": "2018-04-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1271"
},
{
"date": "2018-04-05T00:00:00",
"db": "BID",
"id": "103699"
},
{
"date": "2018-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003098"
},
{
"date": "2018-09-11T15:41:48",
"db": "PACKETSTORM",
"id": "149311"
},
{
"date": "2018-10-18T03:51:21",
"db": "PACKETSTORM",
"id": "149847"
},
{
"date": "2018-05-04T01:11:44",
"db": "PACKETSTORM",
"id": "147489"
},
{
"date": "2018-04-06T13:29:00.500000",
"db": "NVD",
"id": "CVE-2018-1271"
},
{
"date": "2018-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-244"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-15T00:00:00",
"db": "VULHUB",
"id": "VHN-122696"
},
{
"date": "2022-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1271"
},
{
"date": "2018-04-05T00:00:00",
"db": "BID",
"id": "103699"
},
{
"date": "2018-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003098"
},
{
"date": "2022-06-23T16:33:38.010000",
"db": "NVD",
"id": "CVE-2018-1271"
},
{
"date": "2021-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-244"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-244"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003098"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-244"
}
],
"trust": 0.6
}
}
var-201804-1674
Vulnerability from variot
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. Spring Framework Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pivotal Spring Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Failed exploit attempts will likely result in denial-of-service conditions. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Fuse 7.1 security update Advisory ID: RHSA-2018:2669-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2018:2669 Issue date: 2018-09-11 Cross references: RHBA-2018:2665-04 CVE Names: CVE-2014-0114 CVE-2016-5397 CVE-2016-1000338 CVE-2016-1000339 CVE-2016-1000340 CVE-2016-1000341 CVE-2016-1000342 CVE-2016-1000343 CVE-2016-1000344 CVE-2016-1000345 CVE-2016-1000346 CVE-2016-1000352 CVE-2017-14063 CVE-2018-1114 CVE-2018-1271 CVE-2018-1272 CVE-2018-1338 CVE-2018-1339 CVE-2018-8036 CVE-2018-8088 CVE-2018-1000129 CVE-2018-1000130 CVE-2018-1000180 ==================================================================== 1. Summary:
An update is now available for Red Hat Fuse.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.
This release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse 7.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
Apache Struts 1: Class Loader manipulation via request parameters (CVE-2014-0114)
-
thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)
-
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
-
jolokia: JMX proxy mode vulnerable to remote code execution (CVE-2018-1000130)
-
bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data (CVE-2016-1000338)
-
bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)
-
bouncycastle: Information exposure in DSA signature generation via timing attack (CVE-2016-1000341)
-
bouncycastle: ECDSA improper validation of ASN.1 encoding of signature (CVE-2016-1000342)
-
bouncycastle: DHIES implementation allowed the use of ECB mode (CVE-2016-1000344)
-
bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack (CVE-2016-1000345)
-
bouncycastle: Other party DH public keys are not fully validated (CVE-2016-1000346)
-
bouncycastle: ECIES implementation allowed the use of ECB mode (CVE-2016-1000352)
-
async-http-client: Invalid URL parsing with '?' (CVE-2017-14063)
-
undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)
-
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
-
tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service (CVE-2018-1338)
-
tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service (CVE-2018-1339)
-
pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF (CVE-2018-8036)
-
jolokia: Cross site scripting in the HTTP servlet (CVE-2018-1000129)
-
bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
-
bouncycastle: Carry propagation bug in math.raw.Nat??? class (CVE-2016-1000340)
-
bouncycastle: DSA key pair generator generates a weak private key by default (CVE-2016-1000343)
-
spring-framework: Multipart content pollution (CVE-2018-1272)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting CVE-2018-8088.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are located in the download section of the customer portal.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters 1487563 - CVE-2017-14063 async-http-client: Invalid URL parsing with '?' 1544620 - CVE-2016-5397 thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands 1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution 1559316 - CVE-2018-1000130 jolokia: JMX proxy mode vulnerable to remote code execution 1559317 - CVE-2018-1000129 jolokia: Cross site scripting in the HTTP servlet 1564408 - CVE-2018-1272 spring-framework: Multipart content pollution 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems 1572421 - CVE-2018-1338 tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service 1572424 - CVE-2018-1339 tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service 1573045 - CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service 1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator 1588313 - CVE-2016-1000338 bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data 1588314 - CVE-2016-1000344 bouncycastle: DHIES implementation allowed the use of ECB mode 1588323 - CVE-2016-1000345 bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack 1588327 - CVE-2016-1000346 bouncycastle: Other party DH public keys are not fully validated 1588330 - CVE-2016-1000352 bouncycastle: ECIES implementation allowed the use of ECB mode 1588688 - CVE-2016-1000340 bouncycastle: Carry propagation bug in math.raw.Nat??? class 1588695 - CVE-2016-1000339 bouncycastle: Information leak in AESFastEngine class 1588708 - CVE-2016-1000341 bouncycastle: Information exposure in DSA signature generation via timing attack 1588715 - CVE-2016-1000342 bouncycastle: ECDSA improper validation of ASN.1 encoding of signature 1588721 - CVE-2016-1000343 bouncycastle: DSA key pair generator generates a weak private key by default 1597490 - CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF
- References:
https://access.redhat.com/security/cve/CVE-2014-0114 https://access.redhat.com/security/cve/CVE-2016-5397 https://access.redhat.com/security/cve/CVE-2016-1000338 https://access.redhat.com/security/cve/CVE-2016-1000339 https://access.redhat.com/security/cve/CVE-2016-1000340 https://access.redhat.com/security/cve/CVE-2016-1000341 https://access.redhat.com/security/cve/CVE-2016-1000342 https://access.redhat.com/security/cve/CVE-2016-1000343 https://access.redhat.com/security/cve/CVE-2016-1000344 https://access.redhat.com/security/cve/CVE-2016-1000345 https://access.redhat.com/security/cve/CVE-2016-1000346 https://access.redhat.com/security/cve/CVE-2016-1000352 https://access.redhat.com/security/cve/CVE-2017-14063 https://access.redhat.com/security/cve/CVE-2018-1114 https://access.redhat.com/security/cve/CVE-2018-1271 https://access.redhat.com/security/cve/CVE-2018-1272 https://access.redhat.com/security/cve/CVE-2018-1338 https://access.redhat.com/security/cve/CVE-2018-1339 https://access.redhat.com/security/cve/CVE-2018-8036 https://access.redhat.com/security/cve/CVE-2018-8088 https://access.redhat.com/security/cve/CVE-2018-1000129 https://access.redhat.com/security/cve/CVE-2018-1000130 https://access.redhat.com/security/cve/CVE-2018-1000180 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.1.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.1/ https://access.redhat.com/articles/2939351
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW5d0pdzjgjWX9erEAQg6Yw//dFPzbxBQz8m4jwPwRjNmTDM/tTOnxZSt MTqjRp8zX80qhQVMlVj7d9TQLX25bR9Vx4//Kktu3EIsON+ddxy+LZQBlX7l4XMy SP8FGfSp+GV6jiS+aOoRw+NaE8omM8AwYi0Clv562FIcM8qiqGt+O/QK0peN5JYA COa/6uSPsNftk7Sq3aQ0jWV35L92r2S1FeIg6FGanyqLO1Y+sKePY5T5HRSNpp06 lh00QeAdYlcGrIBbsQnds4uHW5PPrS7HoafCEuIPdCDoCjZTms3i9K3f57ZQ6ojn mpKaQgiWVPGenzAIh+JzFaMWTdMwVt6nDPuSt9SC6uDC20c+ffBjjsC2w0Bh/bVr yxas3NTobxggV8lN0PF0MHx776QtRyc+XukUZ+7FPm6irhfqMVBkUrD95s/qjNNF KNm8Nsz+HFqwaP0XCkfiBTPZs5yWf83KA/Qw9MOoJGVLXF28wzrELxPl8eMizCtX MCfop2FzGCCMkanRHMzZ+RkFQ9+wN+WHw1UXiANEaM+55yGfIWhqYOH2zQZzByNY YdKlSrAw2jvODvawFclMYG+zD97pr1VMvLb8W8uUiqRwKnsu303EtTk+IyTCcoS9 KDczeRZr/X98Ww0gXOEnUcVsTby6fhbtIgUbPt/3obsV6joyaHf5/mHj49uPluva TLag+xVs1p4=vq4F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
-
spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)
-
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
-
tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
-
tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
-
spring-framework: Multipart content pollution (CVE-2018-1272)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users 1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources 1564408 - CVE-2018-1272 spring-framework: Multipart content pollution 1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1674",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.2"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.3"
},
{
"model": "communications performance intelligence center",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "tape library acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "4.3.15"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0"
},
{
"model": "big data discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.2"
},
{
"model": "communications services gatekeeper",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.0.4.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0.3"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.1"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.5"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail point-of-sale",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "communications converged application server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.1"
},
{
"model": "retail point-of-sale",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.1.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.4"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.2"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2.0.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.0.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications diameter signaling router",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1.1"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.0"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "4.3.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.4"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "4.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.8,
"vendor": "pivotal",
"version": "4.3.15"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0.5"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.1"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.4"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.2.9"
},
{
"model": "jboss fuse",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "jboss fuse",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "jboss a-mq",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.14"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3"
},
{
"model": "spring framework",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0.5"
},
{
"model": "spring framework",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.15"
}
],
"sources": [
{
"db": "BID",
"id": "103697"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003099"
},
{
"db": "NVD",
"id": "CVE-2018-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-243"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3.15",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.0.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1272"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philippe Arteau from GoSecure.",
"sources": [
{
"db": "BID",
"id": "103697"
}
],
"trust": 0.3
},
"cve": "CVE-2018-1272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-1272",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-122707",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-1272",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-1272",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-243",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-122707",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-1272",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122707"
},
{
"db": "VULMON",
"id": "CVE-2018-1272"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003099"
},
{
"db": "NVD",
"id": "CVE-2018-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-243"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. Spring Framework Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pivotal Spring Framework is prone to a remote privilege-escalation vulnerability. \nAn attacker can exploit this issue to gain elevated privileges. Failed exploit attempts will likely result in denial-of-service conditions. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Fuse 7.1 security update\nAdvisory ID: RHSA-2018:2669-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2669\nIssue date: 2018-09-11\nCross references: RHBA-2018:2665-04\nCVE Names: CVE-2014-0114 CVE-2016-5397 CVE-2016-1000338\n CVE-2016-1000339 CVE-2016-1000340 CVE-2016-1000341\n CVE-2016-1000342 CVE-2016-1000343 CVE-2016-1000344\n CVE-2016-1000345 CVE-2016-1000346 CVE-2016-1000352\n CVE-2017-14063 CVE-2018-1114 CVE-2018-1271\n CVE-2018-1272 CVE-2018-1338 CVE-2018-1339\n CVE-2018-8036 CVE-2018-8088 CVE-2018-1000129\n CVE-2018-1000130 CVE-2018-1000180\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Fuse. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform. \n\nThis release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse\n7.0, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* Apache Struts 1: Class Loader manipulation via request parameters\n(CVE-2014-0114)\n\n* thrift: Improper file path sanitization in\nt_go_generator.cc:format_go_output() of the go client library can allow an\nattacker to inject commands (CVE-2016-5397)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow\nfor arbitrary code execution (CVE-2018-8088)\n\n* jolokia: JMX proxy mode vulnerable to remote code execution\n(CVE-2018-1000130)\n\n* bouncycastle: DSA does not fully validate ASN.1 encoding during signature\nverification allowing for injection of unsigned data (CVE-2016-1000338)\n\n* bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)\n\n* bouncycastle: Information exposure in DSA signature generation via timing\nattack (CVE-2016-1000341)\n\n* bouncycastle: ECDSA improper validation of ASN.1 encoding of signature\n(CVE-2016-1000342)\n\n* bouncycastle: DHIES implementation allowed the use of ECB mode\n(CVE-2016-1000344)\n\n* bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle\nattack (CVE-2016-1000345)\n\n* bouncycastle: Other party DH public keys are not fully validated\n(CVE-2016-1000346)\n\n* bouncycastle: ECIES implementation allowed the use of ECB mode\n(CVE-2016-1000352)\n\n* async-http-client: Invalid URL parsing with \u0027?\u0027 (CVE-2017-14063)\n\n* undertow: File descriptor leak caused by\nJarURLConnection.getLastModified() allows attacker to cause a denial of\nservice (CVE-2018-1114)\n\n* spring-framework: Directory traversal vulnerability with static resources\non Windows filesystems (CVE-2018-1271)\n\n* tika: Infinite loop in BPGParser can allow remote attacker to cause a\ndenial of service (CVE-2018-1338)\n\n* tika: Infinite loop in ChmParser can allow remote attacker to cause a\ndenial of service (CVE-2018-1339)\n\n* pdfbox: Infinite loop in AFMParser.java allows for out of memory erros\nvia crafted PDF (CVE-2018-8036)\n\n* jolokia: Cross site scripting in the HTTP servlet (CVE-2018-1000129)\n\n* bouncycastle: flaw in the low-level interface to RSA key pair generator\n(CVE-2018-1000180)\n\n* bouncycastle: Carry propagation bug in math.raw.Nat??? class\n(CVE-2016-1000340)\n\n* bouncycastle: DSA key pair generator generates a weak private key by\ndefault (CVE-2016-1000343)\n\n* spring-framework: Multipart content pollution (CVE-2018-1272)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Chris McCown for reporting CVE-2018-8088. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters\n1487563 - CVE-2017-14063 async-http-client: Invalid URL parsing with \u0027?\u0027\n1544620 - CVE-2016-5397 thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands\n1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution\n1559316 - CVE-2018-1000130 jolokia: JMX proxy mode vulnerable to remote code execution\n1559317 - CVE-2018-1000129 jolokia: Cross site scripting in the HTTP servlet\n1564408 - CVE-2018-1272 spring-framework: Multipart content pollution\n1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems\n1572421 - CVE-2018-1338 tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service\n1572424 - CVE-2018-1339 tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service\n1573045 - CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service\n1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator\n1588313 - CVE-2016-1000338 bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data\n1588314 - CVE-2016-1000344 bouncycastle: DHIES implementation allowed the use of ECB mode\n1588323 - CVE-2016-1000345 bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack\n1588327 - CVE-2016-1000346 bouncycastle: Other party DH public keys are not fully validated\n1588330 - CVE-2016-1000352 bouncycastle: ECIES implementation allowed the use of ECB mode\n1588688 - CVE-2016-1000340 bouncycastle: Carry propagation bug in math.raw.Nat??? class\n1588695 - CVE-2016-1000339 bouncycastle: Information leak in AESFastEngine class\n1588708 - CVE-2016-1000341 bouncycastle: Information exposure in DSA signature generation via timing attack\n1588715 - CVE-2016-1000342 bouncycastle: ECDSA improper validation of ASN.1 encoding of signature\n1588721 - CVE-2016-1000343 bouncycastle: DSA key pair generator generates a weak private key by default\n1597490 - CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-0114\nhttps://access.redhat.com/security/cve/CVE-2016-5397\nhttps://access.redhat.com/security/cve/CVE-2016-1000338\nhttps://access.redhat.com/security/cve/CVE-2016-1000339\nhttps://access.redhat.com/security/cve/CVE-2016-1000340\nhttps://access.redhat.com/security/cve/CVE-2016-1000341\nhttps://access.redhat.com/security/cve/CVE-2016-1000342\nhttps://access.redhat.com/security/cve/CVE-2016-1000343\nhttps://access.redhat.com/security/cve/CVE-2016-1000344\nhttps://access.redhat.com/security/cve/CVE-2016-1000345\nhttps://access.redhat.com/security/cve/CVE-2016-1000346\nhttps://access.redhat.com/security/cve/CVE-2016-1000352\nhttps://access.redhat.com/security/cve/CVE-2017-14063\nhttps://access.redhat.com/security/cve/CVE-2018-1114\nhttps://access.redhat.com/security/cve/CVE-2018-1271\nhttps://access.redhat.com/security/cve/CVE-2018-1272\nhttps://access.redhat.com/security/cve/CVE-2018-1338\nhttps://access.redhat.com/security/cve/CVE-2018-1339\nhttps://access.redhat.com/security/cve/CVE-2018-8036\nhttps://access.redhat.com/security/cve/CVE-2018-8088\nhttps://access.redhat.com/security/cve/CVE-2018-1000129\nhttps://access.redhat.com/security/cve/CVE-2018-1000130\nhttps://access.redhat.com/security/cve/CVE-2018-1000180\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=7.1.0\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.1/\nhttps://access.redhat.com/articles/2939351\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW5d0pdzjgjWX9erEAQg6Yw//dFPzbxBQz8m4jwPwRjNmTDM/tTOnxZSt\nMTqjRp8zX80qhQVMlVj7d9TQLX25bR9Vx4//Kktu3EIsON+ddxy+LZQBlX7l4XMy\nSP8FGfSp+GV6jiS+aOoRw+NaE8omM8AwYi0Clv562FIcM8qiqGt+O/QK0peN5JYA\nCOa/6uSPsNftk7Sq3aQ0jWV35L92r2S1FeIg6FGanyqLO1Y+sKePY5T5HRSNpp06\nlh00QeAdYlcGrIBbsQnds4uHW5PPrS7HoafCEuIPdCDoCjZTms3i9K3f57ZQ6ojn\nmpKaQgiWVPGenzAIh+JzFaMWTdMwVt6nDPuSt9SC6uDC20c+ffBjjsC2w0Bh/bVr\nyxas3NTobxggV8lN0PF0MHx776QtRyc+XukUZ+7FPm6irhfqMVBkUrD95s/qjNNF\nKNm8Nsz+HFqwaP0XCkfiBTPZs5yWf83KA/Qw9MOoJGVLXF28wzrELxPl8eMizCtX\nMCfop2FzGCCMkanRHMzZ+RkFQ9+wN+WHw1UXiANEaM+55yGfIWhqYOH2zQZzByNY\nYdKlSrAw2jvODvawFclMYG+zD97pr1VMvLb8W8uUiqRwKnsu303EtTk+IyTCcoS9\nKDczeRZr/X98Ww0gXOEnUcVsTby6fhbtIgUbPt/3obsV6joyaHf5/mHj49uPluva\nTLag+xVs1p4=vq4F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. For further\ninformation, refer to the Release Notes linked to in the References\nsection. \n\nSecurity Fix(es):\n\n* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)\n\n* spring-framework: Directory traversal vulnerability with static resources\non Windows filesystems (CVE-2018-1271)\n\n* tomcat: Incorrect handling of empty string URL in security constraints\ncan lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource\nexposure for unauthorised users (CVE-2018-1305)\n\n* spring-framework: Multipart content pollution (CVE-2018-1272)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users\n1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources\n1564408 - CVE-2018-1272 spring-framework: Multipart content pollution\n1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270\n1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1272"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003099"
},
{
"db": "BID",
"id": "103697"
},
{
"db": "VULHUB",
"id": "VHN-122707"
},
{
"db": "VULMON",
"id": "CVE-2018-1272"
},
{
"db": "PACKETSTORM",
"id": "149311"
},
{
"db": "PACKETSTORM",
"id": "147489"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1272",
"trust": 3.1
},
{
"db": "BID",
"id": "103697",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003099",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-243",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0544",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122707",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1272",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149311",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147489",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122707"
},
{
"db": "VULMON",
"id": "CVE-2018-1272"
},
{
"db": "BID",
"id": "103697"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003099"
},
{
"db": "PACKETSTORM",
"id": "149311"
},
{
"db": "PACKETSTORM",
"id": "147489"
},
{
"db": "NVD",
"id": "CVE-2018-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-243"
}
]
},
"id": "VAR-201804-1674",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122707"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:15:01.805000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-1272: Multipart Content Pollution with Spring Framework",
"trust": 0.8,
"url": "https://pivotal.io/security/cve-2018-1272"
},
{
"title": "Pivotal Spring Framework Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83086"
},
{
"title": "Debian CVElist Bug Report Logs: libspring-java: CVE-2018-1270 CVE-2018-1272",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cf592ea3b0a1913a29c923afe44cd4b7"
},
{
"title": "Red Hat: CVE-2018-1272",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-1272"
},
{
"title": "Red Hat: Important: Fuse 7.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182669 - security advisory"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "gocarts",
"trust": 0.1,
"url": "https://github.com/tomoyamachi/gocarts "
},
{
"title": "cybsec",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1272"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003099"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-243"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122707"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003099"
},
{
"db": "NVD",
"id": "CVE-2018-1272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/103697"
},
{
"trust": 2.1,
"url": "https://pivotal.io/security/cve-2018-1272"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:1320"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2669"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1272"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1272"
},
{
"trust": 0.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141286"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75922"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-identified-in-ibm-storediq/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-1272"
},
{
"trust": 0.3,
"url": "http://pivotal.io/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564408"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1271"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57444"
},
{
"trust": 0.1,
"url": "https://github.com/tomoyamachi/gocarts"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5397"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14063"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000342"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000346"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000339"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=distributions\u0026version=7.1.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2939351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000339"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8036"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8088"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5397"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.spring.boot\u0026version=1.5.12"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122707"
},
{
"db": "VULMON",
"id": "CVE-2018-1272"
},
{
"db": "BID",
"id": "103697"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003099"
},
{
"db": "PACKETSTORM",
"id": "149311"
},
{
"db": "PACKETSTORM",
"id": "147489"
},
{
"db": "NVD",
"id": "CVE-2018-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-243"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122707"
},
{
"db": "VULMON",
"id": "CVE-2018-1272"
},
{
"db": "BID",
"id": "103697"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003099"
},
{
"db": "PACKETSTORM",
"id": "149311"
},
{
"db": "PACKETSTORM",
"id": "147489"
},
{
"db": "NVD",
"id": "CVE-2018-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-243"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-122707"
},
{
"date": "2018-04-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1272"
},
{
"date": "2018-04-05T00:00:00",
"db": "BID",
"id": "103697"
},
{
"date": "2018-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003099"
},
{
"date": "2018-09-11T15:41:48",
"db": "PACKETSTORM",
"id": "149311"
},
{
"date": "2018-05-04T01:11:44",
"db": "PACKETSTORM",
"id": "147489"
},
{
"date": "2018-04-06T13:29:00.563000",
"db": "NVD",
"id": "CVE-2018-1272"
},
{
"date": "2018-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-243"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-15T00:00:00",
"db": "VULHUB",
"id": "VHN-122707"
},
{
"date": "2022-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1272"
},
{
"date": "2018-04-05T00:00:00",
"db": "BID",
"id": "103697"
},
{
"date": "2018-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003099"
},
{
"date": "2022-06-23T16:33:56.963000",
"db": "NVD",
"id": "CVE-2018-1272"
},
{
"date": "2021-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-243"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-243"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003099"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-243"
}
],
"trust": 0.6
}
}
var-201805-1190
Vulnerability from variot
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. Pivotal Software Spring Security is a set of security framework provided by American Pivotal Software Company to provide descriptive security protection for Spring-based applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Fuse 7.4.0 security update Advisory ID: RHSA-2019:2413-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2019:2413 Issue date: 2019-08-08 CVE Names: CVE-2016-10750 CVE-2018-1258 CVE-2018-1320 CVE-2018-8088 CVE-2018-10899 CVE-2018-15758 CVE-2019-0192 CVE-2019-3805 ==================================================================== 1. Summary:
A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750)
-
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
-
jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)
-
spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758)
-
solr: remote code execution due to unsafe deserialization (CVE-2019-0192)
-
thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)
-
spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258)
-
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are available from the Fuse 7.4.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/
- Bugs fixed (https://bugzilla.redhat.com/):
1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution 1578582 - CVE-2018-1258 spring-security-core: Unauthorized Access with Spring Security Method Security 1601037 - CVE-2018-10899 jolokia: system-wide CSRF that could lead to Remote Code Execution 1643048 - CVE-2018-15758 spring-security-oauth: Privilege escalation by manipulating saved authorization request 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1667204 - CVE-2018-1320 thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class 1692345 - CVE-2019-0192 solr: remote code execution due to unsafe deserialization 1713215 - CVE-2016-10750 hazelcast: java deserialization in join cluster procedure leading to remote code execution
- References:
https://access.redhat.com/security/cve/CVE-2016-10750 https://access.redhat.com/security/cve/CVE-2018-1258 https://access.redhat.com/security/cve/CVE-2018-1320 https://access.redhat.com/security/cve/CVE-2018-8088 https://access.redhat.com/security/cve/CVE-2018-10899 https://access.redhat.com/security/cve/CVE-2018-15758 https://access.redhat.com/security/cve/CVE-2019-0192 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.4.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXUv0xNzjgjWX9erEAQhCzRAAjdpuIeE+WhWxaZpzsfh333p6RXGKoB8g 4BGVD7yZjSNoPmRzkSuaNUTT0wYZdRLSNeYK1FvxqZlTBesHbe3IV80gDNiV2vad VzwNYukUoa6s8hdzKY/zCKwhuZ5cWkk+FLjFAPEfZt2Typ3kyYPnK/RxNnzfeSgc 90xh60LImUIJK/hGyOL40z8pGFbG404TJbdezYnQt0/l0NBGxPqBGOHnIgpZhAgw gNMEglpIrxap4UzwSEzA5tmjRUDHeUBpsUpKsez5XL2ECssqrRyK8Hj/KeacnARF Mnvf4U/lIOamD6Tles8IAFo/kexW+OxKiHbivOFutraLdEXysgkK8Uf5EQqYKW9+ 7OgEuyMxUi5Pbj4kL666iBp5oV95gEHm2zcQEbn65BFJ3nomb5nReHh5t7G0AqHy GYj9dlx84+UG0Fr717Vi586KwtCu6rgdZJS25+0kSCeZk/cowYLW09G+j/+Jk3yg N/uUfoxqmC/A+SyupFh1A9XZg7oZhkB+Qwo6D2+BejiwXsD8Jv4uzrI7U7+Lg/YK UFa2oqArMKNrF0zf9152lqCEpOL8dCO3X8RcB8LmQcapmr1MYGB+18oNT4o3JcY3 Aa1hoi5+2gGgR7HHuqTsxnDXYPtgqR9CMylc5gmYsMFK5W3sNX8Z/qazoH3fIVtu NNAto03aZgE=rpUB -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-1190",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "14.1.2"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "micros lucas",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "2.9.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "13.2.0.1"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "13.1.0.1"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.5.0.3"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "9.3.3"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications performance intelligence center",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "big data discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "spring security",
"scope": "eq",
"trust": 1.0,
"vendor": "pivotal",
"version": "*"
},
{
"model": "communications services gatekeeper",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.0.4.0"
},
{
"model": "endeca information discovery integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "communications converged application server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "retail point-of-service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.5"
},
{
"model": "retail point-of-service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "storage automation store",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2.8191"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0"
},
{
"model": "oncommand unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "communications diameter signaling router",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oncommand unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"model": "peoplesoft enterprise fin install",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"model": "tape library acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "enterprise repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "communications network integrity",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "enterprise repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.1.1"
},
{
"model": "enterprise manager for mysql database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "communications network integrity",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "endeca information discovery integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0.6"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.2.8"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.2.7"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.2.5"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.2.9"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.1"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.4"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.2.4"
},
{
"model": "spring security",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "0"
},
{
"model": "spring framework 5.0.5.release",
"scope": null,
"trust": 0.3,
"vendor": "pivotal",
"version": null
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0.1"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0.3.100"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1.3.37"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0.3.26"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.2.8191"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.6.5281"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.4.9.4237"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.21"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.0.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3.0.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2.0.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5.0"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2.0.0"
},
{
"model": "endeca information discovery integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "endeca information discovery integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.4"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "communications performance intelligence center software",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "communications performance intelligence center software",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5.1"
},
{
"model": "communications performance intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "communications performance intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "communications performance intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "communications performance intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0.2"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.6"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "spring framework 5.0.6.release",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": null
},
{
"model": "communications services gatekeeper",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.0.4.0"
},
{
"model": "communications performance intelligence center software",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "communications diameter signaling router",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
}
],
"sources": [
{
"db": "BID",
"id": "104222"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005018"
},
{
"db": "NVD",
"id": "CVE-2018-1258"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-404"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.6",
"versionStartIncluding": "7.3.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.0.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.2.8191",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
"cpe_name": [],
"versionStartIncluding": "9.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:fuse:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1258"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat,Spring Security Team.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-404"
}
],
"trust": 0.6
},
"cve": "CVE-2018-1258",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-1258",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-122553",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-1258",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-1258",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-404",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-122553",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-1258",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122553"
},
{
"db": "VULMON",
"id": "CVE-2018-1258"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005018"
},
{
"db": "NVD",
"id": "CVE-2018-1258"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-404"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. Pivotal Software Spring Security is a set of security framework provided by American Pivotal Software Company to provide descriptive security protection for Spring-based applications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat Fuse 7.4.0 security update\nAdvisory ID: RHSA-2019:2413-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2413\nIssue date: 2019-08-08\nCVE Names: CVE-2016-10750 CVE-2018-1258 CVE-2018-1320\n CVE-2018-8088 CVE-2018-10899 CVE-2018-15758\n CVE-2019-0192 CVE-2019-3805\n====================================================================\n1. Summary:\n\nA minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nThis release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse\n7.3, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* hazelcast: java deserialization in join cluster procedure leading to\nremote code execution (CVE-2016-10750)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow\nfor arbitrary code execution (CVE-2018-8088)\n\n* jolokia: system-wide CSRF that could lead to Remote Code Execution\n(CVE-2018-10899)\n\n* spring-security-oauth: Privilege escalation by manipulating saved\nauthorization request (CVE-2018-15758)\n\n* solr: remote code execution due to unsafe deserialization (CVE-2019-0192)\n\n* thrift: SASL negotiation isComplete validation bypass in the\norg.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)\n\n* spring-security-core: Unauthorized Access with Spring Security Method\nSecurity (CVE-2018-1258)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary\nprocesses by local users (CVE-2019-3805)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.4.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution\n1578582 - CVE-2018-1258 spring-security-core: Unauthorized Access with Spring Security Method Security\n1601037 - CVE-2018-10899 jolokia: system-wide CSRF that could lead to Remote Code Execution\n1643048 - CVE-2018-15758 spring-security-oauth: Privilege escalation by manipulating saved authorization request\n1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users\n1667204 - CVE-2018-1320 thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class\n1692345 - CVE-2019-0192 solr: remote code execution due to unsafe deserialization\n1713215 - CVE-2016-10750 hazelcast: java deserialization in join cluster procedure leading to remote code execution\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10750\nhttps://access.redhat.com/security/cve/CVE-2018-1258\nhttps://access.redhat.com/security/cve/CVE-2018-1320\nhttps://access.redhat.com/security/cve/CVE-2018-8088\nhttps://access.redhat.com/security/cve/CVE-2018-10899\nhttps://access.redhat.com/security/cve/CVE-2018-15758\nhttps://access.redhat.com/security/cve/CVE-2019-0192\nhttps://access.redhat.com/security/cve/CVE-2019-3805\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.4.0\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUv0xNzjgjWX9erEAQhCzRAAjdpuIeE+WhWxaZpzsfh333p6RXGKoB8g\n4BGVD7yZjSNoPmRzkSuaNUTT0wYZdRLSNeYK1FvxqZlTBesHbe3IV80gDNiV2vad\nVzwNYukUoa6s8hdzKY/zCKwhuZ5cWkk+FLjFAPEfZt2Typ3kyYPnK/RxNnzfeSgc\n90xh60LImUIJK/hGyOL40z8pGFbG404TJbdezYnQt0/l0NBGxPqBGOHnIgpZhAgw\ngNMEglpIrxap4UzwSEzA5tmjRUDHeUBpsUpKsez5XL2ECssqrRyK8Hj/KeacnARF\nMnvf4U/lIOamD6Tles8IAFo/kexW+OxKiHbivOFutraLdEXysgkK8Uf5EQqYKW9+\n7OgEuyMxUi5Pbj4kL666iBp5oV95gEHm2zcQEbn65BFJ3nomb5nReHh5t7G0AqHy\nGYj9dlx84+UG0Fr717Vi586KwtCu6rgdZJS25+0kSCeZk/cowYLW09G+j/+Jk3yg\nN/uUfoxqmC/A+SyupFh1A9XZg7oZhkB+Qwo6D2+BejiwXsD8Jv4uzrI7U7+Lg/YK\nUFa2oqArMKNrF0zf9152lqCEpOL8dCO3X8RcB8LmQcapmr1MYGB+18oNT4o3JcY3\nAa1hoi5+2gGgR7HHuqTsxnDXYPtgqR9CMylc5gmYsMFK5W3sNX8Z/qazoH3fIVtu\nNNAto03aZgE=rpUB\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1258"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005018"
},
{
"db": "BID",
"id": "104222"
},
{
"db": "VULHUB",
"id": "VHN-122553"
},
{
"db": "VULMON",
"id": "CVE-2018-1258"
},
{
"db": "PACKETSTORM",
"id": "153980"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1258",
"trust": 3.0
},
{
"db": "BID",
"id": "104222",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1041896",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1041888",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005018",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-404",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "153980",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3040",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122553",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1258",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122553"
},
{
"db": "VULMON",
"id": "CVE-2018-1258"
},
{
"db": "BID",
"id": "104222"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005018"
},
{
"db": "PACKETSTORM",
"id": "153980"
},
{
"db": "NVD",
"id": "CVE-2018-1258"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-404"
}
]
},
"id": "VAR-201805-1190",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122553"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:33:07.574000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-1258: Unauthorized Access with Spring Security Method Security",
"trust": 0.8,
"url": "https://pivotal.io/security/cve-2018-1258"
},
{
"title": "Pivotal Spring Security and Spring Framework Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80031"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.4.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192413 - security advisory"
},
{
"title": "Red Hat: CVE-2018-1258",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-1258"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "nvd_scrapper",
"trust": 0.1,
"url": "https://github.com/abhav/nvd_scrapper "
},
{
"title": "cybsec",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1258"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005018"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-404"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "CWE-285",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122553"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005018"
},
{
"db": "NVD",
"id": "CVE-2018-1258"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/104222"
},
{
"trust": 2.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:2413"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.1,
"url": "https://pivotal.io/security/cve-2018-1258"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041888"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041896"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1258"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1258"
},
{
"trust": 0.6,
"url": "http://pivotal.io/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/153980/red-hat-security-advisory-2019-2413-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3040/"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/abhav/nvd_scrapper"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.4.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1320"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10750"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10899"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1320"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-15758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122553"
},
{
"db": "VULMON",
"id": "CVE-2018-1258"
},
{
"db": "BID",
"id": "104222"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005018"
},
{
"db": "PACKETSTORM",
"id": "153980"
},
{
"db": "NVD",
"id": "CVE-2018-1258"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-404"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122553"
},
{
"db": "VULMON",
"id": "CVE-2018-1258"
},
{
"db": "BID",
"id": "104222"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005018"
},
{
"db": "PACKETSTORM",
"id": "153980"
},
{
"db": "NVD",
"id": "CVE-2018-1258"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-404"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-122553"
},
{
"date": "2018-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1258"
},
{
"date": "2018-05-09T00:00:00",
"db": "BID",
"id": "104222"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005018"
},
{
"date": "2019-08-08T14:34:03",
"db": "PACKETSTORM",
"id": "153980"
},
{
"date": "2018-05-11T20:29:00.260000",
"db": "NVD",
"id": "CVE-2018-1258"
},
{
"date": "2018-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-404"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-15T00:00:00",
"db": "VULHUB",
"id": "VHN-122553"
},
{
"date": "2022-04-11T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1258"
},
{
"date": "2019-07-17T09:00:00",
"db": "BID",
"id": "104222"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005018"
},
{
"date": "2022-04-11T17:18:30.107000",
"db": "NVD",
"id": "CVE-2018-1258"
},
{
"date": "2021-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-404"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-404"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework Authorization vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005018"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-404"
}
],
"trust": 0.6
}
}
var-202101-1932
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1932",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications diameter signaling route",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "communications diameter signaling route",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002836"
},
{
"db": "NVD",
"id": "CVE-2020-36180"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36180"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-326"
}
],
"trust": 0.8
},
"cve": "CVE-2020-36180",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-36180",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381447",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-36180",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-36180",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-326",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381447",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-36180",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381447"
},
{
"db": "VULMON",
"id": "CVE-2020-36180"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002836"
},
{
"db": "NVD",
"id": "CVE-2020-36180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-326"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36180"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002836"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381447"
},
{
"db": "VULMON",
"id": "CVE-2020-36180"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-36180",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002836",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110515",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-326",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-381447",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-36180",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381447"
},
{
"db": "VULMON",
"id": "CVE-2020-36180"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002836"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-326"
}
]
},
"id": "VAR-202101-1932",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381447"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:46:04.797000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210205-0005",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138933"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "CVE-2020-36179",
"trust": 0.1,
"url": "https://github.com/al1ex/cve-2020-36179 "
},
{
"title": "Al1ex",
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-36180"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002836"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-326"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381447"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002836"
},
{
"db": "NVD",
"id": "CVE-2020-36180"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"trust": 1.8,
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/3004"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6455267"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110515"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://github.com/al1ex/cve-2020-36179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381447"
},
{
"db": "VULMON",
"id": "CVE-2020-36180"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002836"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-326"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381447"
},
{
"db": "VULMON",
"id": "CVE-2020-36180"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002836"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-326"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-07T00:00:00",
"db": "VULHUB",
"id": "VHN-381447"
},
{
"date": "2021-01-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36180"
},
{
"date": "2021-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002836"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-01-07T00:15:14.913000",
"db": "NVD",
"id": "CVE-2020-36180"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-326"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-381447"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36180"
},
{
"date": "2021-10-06T01:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-002836"
},
{
"date": "2023-09-13T14:56:32.590000",
"db": "NVD",
"id": "CVE-2020-36180"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-326"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-326"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002836"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202101-1930
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. A code issue vulnerability exists in FasterXML jackson-databind versions 2.x through 2.9.10.8 due to the software's failure to handle interactions with org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1930",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications diameter signaling route",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "communications diameter signaling route",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0."
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002838"
},
{
"db": "NVD",
"id": "CVE-2020-36183"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36183"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-371"
}
],
"trust": 0.8
},
"cve": "CVE-2020-36183",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-36183",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381450",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-36183",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-36183",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-371",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381450",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-36183",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381450"
},
{
"db": "VULMON",
"id": "CVE-2020-36183"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002838"
},
{
"db": "NVD",
"id": "CVE-2020-36183"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-371"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. A code issue vulnerability exists in FasterXML jackson-databind versions 2.x through 2.9.10.8 due to the software\u0027s failure to handle interactions with org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36183"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381450"
},
{
"db": "VULMON",
"id": "CVE-2020-36183"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-36183",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002838",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110515",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-371",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-381450",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-36183",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381450"
},
{
"db": "VULMON",
"id": "CVE-2020-36183"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002838"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36183"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-371"
}
]
},
"id": "VAR-202101-1930",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381450"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:12:50.035000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "xalan-interpretive,\u00a0CVE-2020-36183)\u00a0#3003 NetAppNetApp\u00a0Advisory",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138966"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-36183"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002838"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-371"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381450"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002838"
},
{
"db": "NVD",
"id": "CVE-2020-36183"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"trust": 1.8,
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/3003"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6455267"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110515"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381450"
},
{
"db": "VULMON",
"id": "CVE-2020-36183"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002838"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36183"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-371"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381450"
},
{
"db": "VULMON",
"id": "CVE-2020-36183"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002838"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36183"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-371"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-07T00:00:00",
"db": "VULHUB",
"id": "VHN-381450"
},
{
"date": "2021-01-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36183"
},
{
"date": "2021-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002838"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-01-07T00:15:15.023000",
"db": "NVD",
"id": "CVE-2020-36183"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-371"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-381450"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36183"
},
{
"date": "2021-10-06T01:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-002838"
},
{
"date": "2023-09-13T14:56:58",
"db": "NVD",
"id": "CVE-2020-36183"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-371"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-371"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002838"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202101-1931
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1931",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications diameter signaling route",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "communications diameter signaling route",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002837"
},
{
"db": "NVD",
"id": "CVE-2020-36182"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36182"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-325"
}
],
"trust": 0.8
},
"cve": "CVE-2020-36182",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-36182",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381449",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-36182",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-36182",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-325",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381449",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-36182",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381449"
},
{
"db": "VULMON",
"id": "CVE-2020-36182"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002837"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-325"
},
{
"db": "NVD",
"id": "CVE-2020-36182"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36182"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002837"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381449"
},
{
"db": "VULMON",
"id": "CVE-2020-36182"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-36182",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002837",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110515",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-325",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-381449",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-36182",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381449"
},
{
"db": "VULMON",
"id": "CVE-2020-36182"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002837"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-325"
},
{
"db": "NVD",
"id": "CVE-2020-36182"
}
]
},
"id": "VAR-202101-1931",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381449"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-12T23:58:38.236000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210205-0005",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138932"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "https://github.com/Al1ex/CVE-2020-36179",
"trust": 0.1,
"url": "https://github.com/al1ex/cve-2020-36179 "
},
{
"title": "https://github.com/Al1ex/Al1ex",
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex "
},
{
"title": "PHunter",
"trust": 0.1,
"url": "https://github.com/anonymous-phunter/phunter "
},
{
"title": "PHunter",
"trust": 0.1,
"url": "https://github.com/cgcl-codes/phunter "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-36182"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002837"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-325"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381449"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002837"
},
{
"db": "NVD",
"id": "CVE-2020-36182"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"trust": 1.8,
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/3004"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6455267"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110515"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/al1ex/cve-2020-36179"
},
{
"trust": 0.1,
"url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-128/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381449"
},
{
"db": "VULMON",
"id": "CVE-2020-36182"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002837"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-325"
},
{
"db": "NVD",
"id": "CVE-2020-36182"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381449"
},
{
"db": "VULMON",
"id": "CVE-2020-36182"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002837"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-325"
},
{
"db": "NVD",
"id": "CVE-2020-36182"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-07T00:00:00",
"db": "VULHUB",
"id": "VHN-381449"
},
{
"date": "2021-01-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36182"
},
{
"date": "2021-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002837"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-325"
},
{
"date": "2021-01-07T00:15:14.960000",
"db": "NVD",
"id": "CVE-2020-36182"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-381449"
},
{
"date": "2023-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36182"
},
{
"date": "2021-10-06T01:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-002837"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-325"
},
{
"date": "2023-09-13T14:56:46.657000",
"db": "NVD",
"id": "CVE-2020-36182"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-325"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002837"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202012-1539
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. FasterXML jackson-databind versions 2.x to 2.9.10.8 have a security vulnerability, which stems from incorrectly handling the interaction between serialization widgets and types, involving com.oracle.wls.shaded.org.apache. xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1539",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.4"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications diameter signaling route",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "communications diameter signaling route",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "autovue",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35728"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12",
"versionStartIncluding": "18.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35728"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1602"
}
],
"trust": 0.8
},
"cve": "CVE-2020-35728",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-379341",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-35728",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-35728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1602",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-379341",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-35728",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379341"
},
{
"db": "VULMON",
"id": "CVE-2020-35728"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1602"
},
{
"db": "NVD",
"id": "CVE-2020-35728"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. FasterXML jackson-databind versions 2.x to 2.9.10.8 have a security vulnerability, which stems from incorrectly handling the interaction between serialization widgets and types, involving com.oracle.wls.shaded.org.apache. xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35728"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-379341"
},
{
"db": "VULMON",
"id": "CVE-2020-35728"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35728",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1602",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0334",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-379341",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35728",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379341"
},
{
"db": "VULMON",
"id": "CVE-2020-35728"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1602"
},
{
"db": "NVD",
"id": "CVE-2020-35728"
}
]
},
"id": "VAR-202012-1539",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-379341"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-12T23:22:33.642000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "Awesome Stars",
"trust": 0.1,
"url": "https://github.com/netw0rk1le3r/awesome-hacking-lists "
},
{
"title": "Awesome Stars",
"trust": 0.1,
"url": "https://github.com/readloud/awesome-stars "
},
{
"title": "Vulnerability",
"trust": 0.1,
"url": "https://github.com/tzwlhack/vulnerability "
},
{
"title": "\u66f4\u65b0\u4e8e 2023-11-27 08:36:01\n\u5b89\u5168\n\u5f00\u53d1\n\u672a\u5206\u7c7b\n\u6742\u4e03\u6742\u516b",
"trust": 0.1,
"url": "https://github.com/20142995/sectool "
},
{
"title": "SecBooks\nSecBooks\u76ee\u5f55",
"trust": 0.1,
"url": "https://github.com/sexybeast233/secbooks "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000s/poc-in-github "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/poc-in-github "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-35728"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379341"
},
{
"db": "NVD",
"id": "CVE-2020-35728"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210129-0007/"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2999"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.1,
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.7,
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0334/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-network-performance-insight-1-3-1-was-affected-by-jackson-databind-vulnerability-cve-2020-35728/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-9/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-128/index.html"
},
{
"trust": 0.1,
"url": "https://github.com/readloud/awesome-stars"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379341"
},
{
"db": "VULMON",
"id": "CVE-2020-35728"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1602"
},
{
"db": "NVD",
"id": "CVE-2020-35728"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-379341"
},
{
"db": "VULMON",
"id": "CVE-2020-35728"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1602"
},
{
"db": "NVD",
"id": "CVE-2020-35728"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-27T00:00:00",
"db": "VULHUB",
"id": "VHN-379341"
},
{
"date": "2020-12-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35728"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2020-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1602"
},
{
"date": "2020-12-27T05:15:11.590000",
"db": "NVD",
"id": "CVE-2020-35728"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-379341"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35728"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1602"
},
{
"date": "2023-11-07T03:22:02.627000",
"db": "NVD",
"id": "CVE-2020-35728"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1602"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pillow Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202101-1938
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1938",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications diameter signaling route",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "communications diameter signaling route",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015588"
},
{
"db": "NVD",
"id": "CVE-2020-36184"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36184"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-344"
}
],
"trust": 0.8
},
"cve": "CVE-2020-36184",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-36184",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381451",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-36184",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-36184",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-344",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381451",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-36184",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381451"
},
{
"db": "VULMON",
"id": "CVE-2020-36184"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015588"
},
{
"db": "NVD",
"id": "CVE-2020-36184"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-344"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36184"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015588"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381451"
},
{
"db": "VULMON",
"id": "CVE-2020-36184"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-36184",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015588",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110515",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-344",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-381451",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-36184",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381451"
},
{
"db": "VULMON",
"id": "CVE-2020-36184"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015588"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36184"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-344"
}
]
},
"id": "VAR-202101-1938",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381451"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:54:57.208000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210205-0005",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138948"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "Al1ex",
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex "
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/jonathan-elias/poc "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000s/poc-in-github "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-36184"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015588"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-344"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381451"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015588"
},
{
"db": "NVD",
"id": "CVE-2020-36184"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"trust": 1.8,
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2998"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6455267"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110515"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381451"
},
{
"db": "VULMON",
"id": "CVE-2020-36184"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015588"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36184"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-344"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381451"
},
{
"db": "VULMON",
"id": "CVE-2020-36184"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015588"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36184"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-344"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-381451"
},
{
"date": "2021-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36184"
},
{
"date": "2021-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015588"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-01-06T23:15:13.017000",
"db": "NVD",
"id": "CVE-2020-36184"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-344"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-381451"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36184"
},
{
"date": "2021-10-06T01:05:00",
"db": "JVNDB",
"id": "JVNDB-2020-015588"
},
{
"date": "2023-09-13T14:57:10.147000",
"db": "NVD",
"id": "CVE-2020-36184"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-344"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-344"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015588"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-201912-0889
Vulnerability from variot
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Log4j Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. (CVE-2019-17571) A flaw was found in the Java logging library Apache Log4j in version 1.x. This allows a remote malicious user to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint. (CVE-2021-4104). Description:
Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.
This Service Pack release of Red Hat JBoss Data Virtualization 6.4.8.SP1 (Service Pack 1) serves as a replacement for Red Hat JBoss Data Virtualization 6.4.8, and mitigates the impact of the log4j CVE's referenced in this document by removing the affected classes from the patch. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update). Bugs fixed (https://bugzilla.redhat.com/):
1785616 - CVE-2019-17571 log4j: deserialization of untrusted data in SocketServer 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer
For the oldstable distribution (stretch), this problem has been fixed in version 1.2.17-7+deb9u1.
For the stable distribution (buster), this problem has been fixed in version 1.2.17-8+deb10u1.
We recommend that you upgrade your apache-log4j1.2 packages.
For the detailed security status of apache-log4j1.2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j1.2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6/FH1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RAJQ/9HLo721J7x4kWxFiWIP0Ui1xl8ZM6MBhA8qYfUD4DxKoHHfvYEq6Q7TTD +FlTX5rRrjvgHF+MgxG1XDHtwv7XWhczEiHzZKHLCX3CsG+AL+CMmGoVqBtKEncC FGYbVCSKYzxM8LaX2G1EyCzT2zfGZvPT5nFT7zAV0Ge6vpvWklF0s168h4pbG9hE cF6aPqAlWMy5pLVRI+3XE1og4MECjqXB9a7HSWlHfur6NSnQlrHhWOCDJBw5zpPu AKEfW5GvBaCdxdat1xTFqCu6h5387dtNsBlRrefp9q+fcrGj2Z351Lv7ccG5Co8T e/7iNyABu2fmi8x4WFQwS3PY4AsM/2sa+KHfXnttSXcQniXAccg6S1eCaWVqdNfZ 3LPmeBC5gX3UqDNZTVv+kvHvv7EsD1/6bMeVZlKQZkYAeysbLWdjkA+88f6kaVwD qv6mWCGo5k7ZoWCUKD1Zjz8VwBT4EI/2II5D93QgblVkHDX9CESfipIjJBJp7aJ7 wS2kvdXOko3JDaJbScpGmCnjCb5NhJ1KiBZSzXYHv3uhoqlI5QvYvC1bFHqC2GnT cF4syuMELN6nZ/Yoz8sJiT4Ilppz98vLerHbJoJZIPEOh15k8UKaFkdt5CpI8MGK 4+sL2iWyTtCjGYGuhDkk0KyLcqijybv282VIkXDtAetpi8MTdsE= =eH9L -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: log4j security update Advisory ID: RHSA-2022:5053-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5053 Issue date: 2022-06-15 CVE Names: CVE-2019-17571 =====================================================================
- Summary:
An update for log4j is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64
- Description:
Log4j is a tool to help the programmer output log statements to a variety of output targets.
Security Fix(es):
- log4j: deserialization of untrusted data in SocketServer (CVE-2019-17571)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Server (v. 6 ELS):
Source: log4j-1.2.14-6.7.el6_10.src.rpm
i386: log4j-1.2.14-6.7.el6_10.i686.rpm log4j-debuginfo-1.2.14-6.7.el6_10.i686.rpm
s390x: log4j-1.2.14-6.7.el6_10.s390x.rpm log4j-debuginfo-1.2.14-6.7.el6_10.s390x.rpm
x86_64: log4j-1.2.14-6.7.el6_10.x86_64.rpm log4j-debuginfo-1.2.14-6.7.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6 ELS):
i386: log4j-debuginfo-1.2.14-6.7.el6_10.i686.rpm log4j-javadoc-1.2.14-6.7.el6_10.i686.rpm log4j-manual-1.2.14-6.7.el6_10.i686.rpm
s390x: log4j-debuginfo-1.2.14-6.7.el6_10.s390x.rpm log4j-javadoc-1.2.14-6.7.el6_10.s390x.rpm log4j-manual-1.2.14-6.7.el6_10.s390x.rpm
x86_64: log4j-debuginfo-1.2.14-6.7.el6_10.x86_64.rpm log4j-javadoc-1.2.14-6.7.el6_10.x86_64.rpm log4j-manual-1.2.14-6.7.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-17571 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYqnJeNzjgjWX9erEAQgGiQ/8DiTAwAZPNPQlrV5ItJ3I3AxT4ruBA995 bPYquIN3zX0afhrGRMWTs/aD/4vYkbUtLA5QzqYlE1dsbleGHcAbxmSfY+wE8tE7 Bg02UGNI7bru25JPZE5lSuNA8McZw/aBRcorwhSVRiBQ1GbPMQqAimbrNx98r6Qe QLupPSuNmbczUOh9X4gbPoqEeIizf8MtYbMS+LbpeIZWH7rELk3t7o63MerkAIYi yWjXzL8Xn3ylflXUzdRNIJ8QZC+nU7kgib3Ugm4TbC9F5A0w7TiAomb9qnHOP+mW 2HoGje7VZIeGX7rwtCIttW5Z9/LztkhXb/Yk1tzMM3Jo/HWgqoP8dULxian7L8aE DFlrGSbF0OQTDiYGVgGX2uW89Yi/XbX1nP7q0MtBq0D5P7z7yLKfHNyeksX+TFyV kxhUrHY8u3JLvWxWBoRzEH8TOhuoMXRIp/FkDpnnM6dDbwSyQsalGZzWnTqOHSwi sZDFnmuLQDUZQtslb4suSRgdQbu0xnvc+i38jbhoEOcH4xJGZnizRY/97wytq3Jp nBj2G0sRSMNlbcA4rr0zzTT6K/HiBhI9OWn3n76lj7jySFYrIUmPgCNhZy5dV1vx nK0c1WI+oRXn4xT4ekCYQUM/uysgWfeVLr9b2ArwaxMxvc4GiLA713gUgelejl6h 9kT6WndTNP0= =VXI/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-5998-1 April 05, 2023
apache-log4j1.2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Apache Log4j.
Software Description: - apache-log4j1.2: Java-based open-source logging tool
Details:
It was discovered that the SocketServer component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-17571)
It was discovered that the JMSSink component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-23302)
It was discovered that Apache Log4j 1.2 incorrectly handled certain SQL statements. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-23305)
It was discovered that the Chainsaw component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-23307)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: liblog4j1.2-java 1.2.17-9ubuntu0.2
Ubuntu 18.04 LTS: liblog4j1.2-java 1.2.17-8+deb10u1ubuntu0.2
Ubuntu 16.04 ESM: liblog4j1.2-java 1.2.17-7ubuntu1+esm1
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202402-16
https://security.gentoo.org/
Severity: Normal Title: Apache Log4j: Multiple Vulnerabilities Date: February 18, 2024 Bugs: #719146 ID: 202402-16
Synopsis
Multiple vulnerabilities have been discovered in Apache Log4j, the worst of which can lead to remote code execution.
Background
Log4j is a Java logging framework that supports various use cases with a rich set of components, a separate API, and a performance-optimized implementation.
Affected packages
Package Vulnerable Unaffected
dev-java/log4j <= 1.2.17 Vulnerable!
Description
Multiple vulnerabilities hav been discovered in Apache Log4j. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for log4j. We recommend that users unmerge it:
# emerge --ask --depclean "dev-java/log4j"
References
[ 1 ] CVE-2019-17571 https://nvd.nist.gov/vuln/detail/CVE-2019-17571 [ 2 ] CVE-2020-9488 https://nvd.nist.gov/vuln/detail/CVE-2020-9488 [ 3 ] CVE-2020-9493 https://nvd.nist.gov/vuln/detail/CVE-2020-9493 [ 4 ] CVE-2022-23302 https://nvd.nist.gov/vuln/detail/CVE-2022-23302 [ 5 ] CVE-2022-23305 https://nvd.nist.gov/vuln/detail/CVE-2022-23305
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202402-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0889",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.7"
},
{
"model": "financial services lending and leasing",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "14.8.0"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.29"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand system manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.0"
},
{
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "log4j",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.17"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "oncommand system manager",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.1.3"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "communications network integrity",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "communications network integrity",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "bookkeeper",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "4.14.3"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.11"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"model": "financial services lending and leasing",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.0"
},
{
"model": "log4j",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.2 to 1.2.17"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013606"
},
{
"db": "NVD",
"id": "CVE-2019-17571"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.8.0",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.6",
"versionStartIncluding": "7.3.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.2.11",
"versionStartIncluding": "16.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.7",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.29",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:bookkeeper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.14.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17571"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "159173"
},
{
"db": "PACKETSTORM",
"id": "171759"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-950"
}
],
"trust": 0.8
},
"cve": "CVE-2019-17571",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-17571",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-149831",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-17571",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-17571",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-950",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-149831",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-17571",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149831"
},
{
"db": "VULMON",
"id": "CVE-2019-17571"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013606"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-950"
},
{
"db": "NVD",
"id": "CVE-2019-17571"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Log4j Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. (CVE-2019-17571)\nA flaw was found in the Java logging library Apache Log4j in version 1.x. This allows a remote malicious user to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker\u0027s JNDI LDAP endpoint. (CVE-2021-4104). Description:\n\nRed Hat JBoss Data Virtualization is a lean data integration solution that\nprovides easy, real-time, and unified data access across disparate sources\nto multiple applications and users. JBoss Data Virtualization makes data\nspread across physically distinct systems - such as multiple databases, XML\nfiles, and even Hadoop systems - appear as a set of tables in a local\ndatabase. \n\nThis Service Pack release of Red Hat JBoss Data Virtualization 6.4.8.SP1\n(Service Pack 1) serves as a replacement for Red Hat JBoss Data\nVirtualization 6.4.8, and mitigates the impact of the log4j CVE\u0027s\nreferenced in this document by removing the affected classes from the\npatch. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Bugs fixed (https://bugzilla.redhat.com/):\n\n1785616 - CVE-2019-17571 log4j: deserialization of untrusted data in SocketServer\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink\n2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender\n2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer\n\n5. \n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 1.2.17-7+deb9u1. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.2.17-8+deb10u1. \n\nWe recommend that you upgrade your apache-log4j1.2 packages. \n\nFor the detailed security status of apache-log4j1.2 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/apache-log4j1.2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6/FH1fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RAJQ/9HLo721J7x4kWxFiWIP0Ui1xl8ZM6MBhA8qYfUD4DxKoHHfvYEq6Q7TTD\n+FlTX5rRrjvgHF+MgxG1XDHtwv7XWhczEiHzZKHLCX3CsG+AL+CMmGoVqBtKEncC\nFGYbVCSKYzxM8LaX2G1EyCzT2zfGZvPT5nFT7zAV0Ge6vpvWklF0s168h4pbG9hE\ncF6aPqAlWMy5pLVRI+3XE1og4MECjqXB9a7HSWlHfur6NSnQlrHhWOCDJBw5zpPu\nAKEfW5GvBaCdxdat1xTFqCu6h5387dtNsBlRrefp9q+fcrGj2Z351Lv7ccG5Co8T\ne/7iNyABu2fmi8x4WFQwS3PY4AsM/2sa+KHfXnttSXcQniXAccg6S1eCaWVqdNfZ\n3LPmeBC5gX3UqDNZTVv+kvHvv7EsD1/6bMeVZlKQZkYAeysbLWdjkA+88f6kaVwD\nqv6mWCGo5k7ZoWCUKD1Zjz8VwBT4EI/2II5D93QgblVkHDX9CESfipIjJBJp7aJ7\nwS2kvdXOko3JDaJbScpGmCnjCb5NhJ1KiBZSzXYHv3uhoqlI5QvYvC1bFHqC2GnT\ncF4syuMELN6nZ/Yoz8sJiT4Ilppz98vLerHbJoJZIPEOh15k8UKaFkdt5CpI8MGK\n4+sL2iWyTtCjGYGuhDkk0KyLcqijybv282VIkXDtAetpi8MTdsE=\n=eH9L\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: log4j security update\nAdvisory ID: RHSA-2022:5053-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5053\nIssue date: 2022-06-15\nCVE Names: CVE-2019-17571 \n=====================================================================\n\n1. Summary:\n\nAn update for log4j is now available for Red Hat Enterprise Linux 6\nExtended Lifecycle Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64\n\n3. Description:\n\nLog4j is a tool to help the programmer output log statements to a variety\nof output targets. \n\nSecurity Fix(es):\n\n* log4j: deserialization of untrusted data in SocketServer (CVE-2019-17571)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Server (v. 6 ELS):\n\nSource:\nlog4j-1.2.14-6.7.el6_10.src.rpm\n\ni386:\nlog4j-1.2.14-6.7.el6_10.i686.rpm\nlog4j-debuginfo-1.2.14-6.7.el6_10.i686.rpm\n\ns390x:\nlog4j-1.2.14-6.7.el6_10.s390x.rpm\nlog4j-debuginfo-1.2.14-6.7.el6_10.s390x.rpm\n\nx86_64:\nlog4j-1.2.14-6.7.el6_10.x86_64.rpm\nlog4j-debuginfo-1.2.14-6.7.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6 ELS):\n\ni386:\nlog4j-debuginfo-1.2.14-6.7.el6_10.i686.rpm\nlog4j-javadoc-1.2.14-6.7.el6_10.i686.rpm\nlog4j-manual-1.2.14-6.7.el6_10.i686.rpm\n\ns390x:\nlog4j-debuginfo-1.2.14-6.7.el6_10.s390x.rpm\nlog4j-javadoc-1.2.14-6.7.el6_10.s390x.rpm\nlog4j-manual-1.2.14-6.7.el6_10.s390x.rpm\n\nx86_64:\nlog4j-debuginfo-1.2.14-6.7.el6_10.x86_64.rpm\nlog4j-javadoc-1.2.14-6.7.el6_10.x86_64.rpm\nlog4j-manual-1.2.14-6.7.el6_10.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-17571\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYqnJeNzjgjWX9erEAQgGiQ/8DiTAwAZPNPQlrV5ItJ3I3AxT4ruBA995\nbPYquIN3zX0afhrGRMWTs/aD/4vYkbUtLA5QzqYlE1dsbleGHcAbxmSfY+wE8tE7\nBg02UGNI7bru25JPZE5lSuNA8McZw/aBRcorwhSVRiBQ1GbPMQqAimbrNx98r6Qe\nQLupPSuNmbczUOh9X4gbPoqEeIizf8MtYbMS+LbpeIZWH7rELk3t7o63MerkAIYi\nyWjXzL8Xn3ylflXUzdRNIJ8QZC+nU7kgib3Ugm4TbC9F5A0w7TiAomb9qnHOP+mW\n2HoGje7VZIeGX7rwtCIttW5Z9/LztkhXb/Yk1tzMM3Jo/HWgqoP8dULxian7L8aE\nDFlrGSbF0OQTDiYGVgGX2uW89Yi/XbX1nP7q0MtBq0D5P7z7yLKfHNyeksX+TFyV\nkxhUrHY8u3JLvWxWBoRzEH8TOhuoMXRIp/FkDpnnM6dDbwSyQsalGZzWnTqOHSwi\nsZDFnmuLQDUZQtslb4suSRgdQbu0xnvc+i38jbhoEOcH4xJGZnizRY/97wytq3Jp\nnBj2G0sRSMNlbcA4rr0zzTT6K/HiBhI9OWn3n76lj7jySFYrIUmPgCNhZy5dV1vx\nnK0c1WI+oRXn4xT4ekCYQUM/uysgWfeVLr9b2ArwaxMxvc4GiLA713gUgelejl6h\n9kT6WndTNP0=\n=VXI/\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. =========================================================================\nUbuntu Security Notice USN-5998-1\nApril 05, 2023\n\napache-log4j1.2 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Apache Log4j. \n\nSoftware Description:\n- apache-log4j1.2: Java-based open-source logging tool\n\nDetails:\n\nIt was discovered that the SocketServer component of Apache Log4j 1.2\nincorrectly handled deserialization. An attacker could possibly use this issue\nto execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. \n(CVE-2019-17571)\n\nIt was discovered that the JMSSink component of Apache Log4j 1.2 incorrectly\nhandled deserialization. An attacker could possibly use this issue to execute\narbitrary code. (CVE-2022-23302)\n\nIt was discovered that Apache Log4j 1.2 incorrectly handled certain SQL\nstatements. A remote attacker could possibly use this issue to perform an SQL\ninjection attack and alter the database. This issue was only fixed in Ubuntu\n18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-23305)\n\nIt was discovered that the Chainsaw component of Apache Log4j 1.2 incorrectly\nhandled deserialization. An attacker could possibly use this issue to execute\narbitrary code. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04\nLTS. (CVE-2022-23307)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n liblog4j1.2-java 1.2.17-9ubuntu0.2\n\nUbuntu 18.04 LTS:\n liblog4j1.2-java 1.2.17-8+deb10u1ubuntu0.2\n\nUbuntu 16.04 ESM:\n liblog4j1.2-java 1.2.17-7ubuntu1+esm1\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202402-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Log4j: Multiple Vulnerabilities\n Date: February 18, 2024\n Bugs: #719146\n ID: 202402-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in Apache Log4j, the worst\nof which can lead to remote code execution. \n\nBackground\n==========\n\nLog4j is a Java logging framework that supports various use cases with a\nrich set of components, a separate API, and a performance-optimized\nimplementation. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------- ------------ ------------\ndev-java/log4j \u003c= 1.2.17 Vulnerable!\n\nDescription\n===========\n\nMultiple vulnerabilities hav been discovered in Apache Log4j. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nGentoo has discontinued support for log4j. We recommend that users\nunmerge it:\n\n # emerge --ask --depclean \"dev-java/log4j\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-17571\n https://nvd.nist.gov/vuln/detail/CVE-2019-17571\n[ 2 ] CVE-2020-9488\n https://nvd.nist.gov/vuln/detail/CVE-2020-9488\n[ 3 ] CVE-2020-9493\n https://nvd.nist.gov/vuln/detail/CVE-2020-9493\n[ 4 ] CVE-2022-23302\n https://nvd.nist.gov/vuln/detail/CVE-2022-23302\n[ 5 ] CVE-2022-23305\n https://nvd.nist.gov/vuln/detail/CVE-2022-23305\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202402-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17571"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013606"
},
{
"db": "VULHUB",
"id": "VHN-149831"
},
{
"db": "VULMON",
"id": "CVE-2019-17571"
},
{
"db": "PACKETSTORM",
"id": "159173"
},
{
"db": "PACKETSTORM",
"id": "165965"
},
{
"db": "PACKETSTORM",
"id": "165943"
},
{
"db": "PACKETSTORM",
"id": "168829"
},
{
"db": "PACKETSTORM",
"id": "167493"
},
{
"db": "PACKETSTORM",
"id": "171759"
},
{
"db": "PACKETSTORM",
"id": "177171"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17571",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "159173",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167493",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165965",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165943",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013606",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-950",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.0599",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3154",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0120.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2010",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1427",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0098",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0120",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021415",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010302",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021018",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072128",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072503",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012001",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-149831",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-17571",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168829",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171759",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "177171",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149831"
},
{
"db": "VULMON",
"id": "CVE-2019-17571"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013606"
},
{
"db": "PACKETSTORM",
"id": "159173"
},
{
"db": "PACKETSTORM",
"id": "165965"
},
{
"db": "PACKETSTORM",
"id": "165943"
},
{
"db": "PACKETSTORM",
"id": "168829"
},
{
"db": "PACKETSTORM",
"id": "167493"
},
{
"db": "PACKETSTORM",
"id": "171759"
},
{
"db": "PACKETSTORM",
"id": "177171"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-950"
},
{
"db": "NVD",
"id": "CVE-2019-17571"
}
]
},
"id": "VAR-201912-0889",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-149831"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-22T20:10:54.285000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3cdev.tika.apache.org%3e"
},
{
"title": "[jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3cdev.tika.apache.org%3e"
},
{
"title": "[jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3cdev.tika.apache.org%3e"
},
{
"title": "[jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3cissues.activemq.apache.org%3e"
},
{
"title": "[jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3cissues.activemq.apache.org%3e"
},
{
"title": "[CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3cdev.logging.apache.org%3e"
},
{
"title": "Apache Log4j Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=105686"
},
{
"title": "Red Hat: Important: log4j security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225053 - security advisory"
},
{
"title": "Debian Security Advisories: DSA-4686-1 apache-log4j1.2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9b0c6a9bccfd00e69ffdf79166adb985"
},
{
"title": "Debian CVElist Bug Report Logs: apache-log4j1.2: CVE-2019-17571",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9b1a2b3bcff03a4370bb153cc1e9d89e"
},
{
"title": "Red Hat: Important: Red Hat JBoss Data Virtualization 6.4.8.SP2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220507 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Data Virtualization 6.4.8.SP1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220497 - security advisory"
},
{
"title": "IBM: Security Bulletin: The vanruability (net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact) found Network Performance Insight (CVE-2019-17571)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ef95ec07d1eed2c8e39fcac3eda0652d"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1562",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2022-1562"
},
{
"title": "IBM: Security Bulletin: Vulnerabilities from log4j affect IBM Operations Analytics \u00e2\u20ac\u201c Log Analysis (CVE-2019-17571, CVE-2020-9488)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=50fa9043c45905a52ed66dfe1c3ccd01"
},
{
"title": "IBM: Security Bulletin: Vulnerabilities in Apache Commons and Log4j affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b53b65c38e4d1ebaa2753d9afd7fa517"
},
{
"title": "IBM: Security Bulletin: Due to use of Apache Log4j, IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2019-17571, CVE-2021-44832, CVE-2021-4104)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a0cbd5f5df3a9f322684d99eeb2b9429"
},
{
"title": "Hello World for Apache Wicket 6.31.0-SNAPSHOT",
"trust": 0.1,
"url": "https://github.com/mahiratan/apache "
},
{
"title": "Deprecated",
"trust": 0.1,
"url": "https://github.com/michaeltandy/log4j-json "
},
{
"title": "FloreantPOS",
"trust": 0.1,
"url": "https://github.com/fat-tire/floreantpos "
},
{
"title": "Hello World for Apache Wicket 6.31.0-SNAPSHOT",
"trust": 0.1,
"url": "https://github.com/rajuyelagattu/gopi "
},
{
"title": "Hello World for Apache Wicket 6.31.0-SNAPSHOT",
"trust": 0.1,
"url": "https://github.com/janimakinen/hello-world-apache-wicket "
},
{
"title": "Fix-Signature Tracking (FixSigTrack)",
"trust": 0.1,
"url": "https://github.com/sa-ne/fixsigtrack "
},
{
"title": "OPEN HTML TO PDF",
"trust": 0.1,
"url": "https://github.com/orgtestcodacy11krepos110mb/repo-5360-openhtmltopdf "
},
{
"title": "Log4j RELP Plugin",
"trust": 0.1,
"url": "https://github.com/teragrep/jla_05 "
},
{
"title": "log4j-scanner",
"trust": 0.1,
"url": "https://github.com/bluestoneag/log4j-scanner "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/shadow-horse/cve-2019-17571 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17571"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013606"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-950"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149831"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013606"
},
{
"db": "NVD",
"id": "CVE-2019-17571"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17571"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3cdev.logging.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200110-0001/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4686"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00008.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4495-1/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/564f03b4e9511fcba29c68fc0299372dadbdb002718fa8edcc4325e4%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/752ec92cd1e334a639e79bfbd689a4ec2c6579ec5bb41b53ffdf358d%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r05755112a8c164abc1004bb44f198b1e3d8ca3d546a8f13ebd3aa05f%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r13d4b5c60ff63f3c4fab51d6ff266655be503b8a1884e2f2fab67c3a%40%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r189aaeaad897f7d6b96f7c43a8ef2dfb9f6e9f8c1cc9ad182ce9b9ae%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1b7734dfdfd938640f2f5fb6f4231a267145c71ed60cc7faa1cbac07%40%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r26244f9f7d9a8a27a092eb0b2a0ca9395e88fcde8b5edaeca7ce569c%40%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2756fd570b6709d55a61831ca028405bcb3e312175a60bc5d911c81f%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3543ead2317dcd3306f69ee37b07dd383dbba6e2f47ff11eb55879ad%40%3cusers.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r356d57d6225f91fdc30f8b0a2bed229d1ece55e16e552878c5fa809a%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3bf7b982dfa0779f8a71f843d2aa6b4184a53e6be7f149ee079387fd%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3c575cabc7386e646fb12cb82b0b38ae5a6ade8a800f827107824495%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3cf50d05ce8cec8c09392624b7bae750e7643dae60ef2438641ee015%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4ac89cbecd9e298ae9fafb5afda6fa77ac75c78d1ac957837e066c4e%40%3cuser.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3cusers.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r594411f4bddebaf48a4c70266d0b7849e0d82bb72826f61b3a35bba7%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5c084578b3e3b40bd903c9d9e525097421bcd88178e672f612102eb2%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6236b5f8646d48af8b66d5050f288304016840788e508c883356fe0e%40%3clog4j-user.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r696507338dd5f44efc23d98cafe30f217cf3ba78e77ed1324c7a5179%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6aec6b8f70167fa325fb98b3b5c9ce0ffaed026e697b69b85ac24628%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6b45a2fcc8e98ac93a179183dbb7f340027bdb8e3ab393418076b153%40%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6d34da5a0ca17ab08179a30c971446c7421af0e96f6d60867eabfc52%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r71e26f9c2d5826c6f95ad60f7d052d75e1e70b0d2dd853db6fc26d5f%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7a1acc95373105169bd44df710c2f462cad31fb805364d2958a5ee03%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7f462c69d5ded4c0223e014d95a3496690423c5f6f05c09e2f2a407a%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3cusers.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8418a0dff1729f19cf1024937e23a2db4c0f94f2794a423f5c10e8e7%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc20d86d395270740%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8a1cfd4705258c106e488091fcec85f194c82f2bbde6bd151e201870%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8c392ca48bb7e50754e4bc05865e9731b23d568d18a520fe3d8c1f75%40%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8c6300245c0bcef095e9f07b48157e2c6471df0816db3408fcf1d748%40%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8d78a0fbb56d505461e29868d1026e98c402e6a568c13a6da67896a2%40%3cdev.jena.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r909b8e3a36913944d3b7bafe9635d4ca84f8f0e2cd146a1784f667c2%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r90c23eb8c82835fa82df85ae5e88c81fd9241e20a22971b0fb8f2c34%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r944183c871594fe9a555b8519a7c945bbcf6714d72461aa6c929028f%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9a9e3b42cd5d1c4536a14ef04f75048dec8e2740ac6a138ea912177f%40%3cpluto-dev.portals.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9d0d03f2e7d9e13c68b530f81d02b0fec33133edcf27330d8089fcfb%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9d2e28e71f91ba0b6f4114c8ecd96e2b1f7e0d06bdf8eb768c183aa9%40%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3cusers.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9fb3238cfc3222f2392ca6517353aadae18f76866157318ac562e706%40%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra18a903f785aed9403aea38bc6f36844a056283c00dcfc6936b6318c%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra54fa49be3e773d99ccc9c2a422311cf77e3ecd3b8594ee93043a6b1%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra9611a8431cb62369bce8909d7645597e1dd45c24b448836b1e54940%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb3c94619728c8f8c176d8e175e0a1086ca737ecdfcd5a2214bb768bc%40%3ccommits.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbd19de368abf0764e4383ec44d527bc9870176f488a494f09a40500d%40%3ccommon-dev.hadoop.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbdf18e39428b5c80fc35113470198b1fe53b287a76a46b0f8780b5fd%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc17d8491beee51607693019857e41e769795366b85be00aa2f4b3159%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc628307962ae1b8cc2d21b8e4b7dd6d7755b2dd52fa56a151a27e4fd%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcd71280585425dad7e232f239c5709e425efdd0d3de4a92f808a4767%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd3a9511eebab60e23f224841390a3f8cd5358cff605c5f7042171e47%40%3cdev.tinkerpop.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd6254837403e8cbfc7018baa9be29705f3f06bd007c83708f9a97679%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd7805c1bf9388968508c6c8f84588773216e560055ddcc813d19f347%40%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd882ab6b642fe59cbbe94dc02bd197342058208f482e57b537940a4b%40%3cpluto-dev.portals.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rda4849c6823dd3e83c7a356eb883180811d5c28359fe46865fd151c3%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdb7ddf28807e27c7801f6e56a0dfb31092d34c61bdd4fa2de9182119%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re36da78e4f3955ba6c1c373a2ab85a4deb215ca74b85fcd66142fea1%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/reaf6b996f74f12b4557bc221abe88f58270ac583942fa41293c61f94%40%3cpluto-scm.portals.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf1b434e11834a4449cd7addb69ed0aef0923112b5938182b363a968c%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf53eeefb7e7e524deaacb9f8671cbf01b8a253e865fb94e7656722c0%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf77f79699c8d7e430c14cf480f12ed1297e6e8cf2ed379a425941e80%40%3cpluto-dev.portals.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf9c19bcc2f7a98a880fa3e3456c003d331812b55836b34ef648063c9%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3cdev.mina.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfdf65fa675c64a64459817344e0e6c44d51ee264beea6e5851fb60dc%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-17571"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17571"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3543ead2317dcd3306f69ee37b07dd383dbba6e2f47ff11eb55879ad@%3cusers.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3cusers.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882@%3cusers.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328@%3cusers.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb3c94619728c8f8c176d8e175e0a1086ca737ecdfcd5a2214bb768bc@%3ccommits.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/re36da78e4f3955ba6c1c373a2ab85a4deb215ca74b85fcd66142fea1@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r594411f4bddebaf48a4c70266d0b7849e0d82bb72826f61b3a35bba7@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6d34da5a0ca17ab08179a30c971446c7421af0e96f6d60867eabfc52@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rdb7ddf28807e27c7801f6e56a0dfb31092d34c61bdd4fa2de9182119@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ra18a903f785aed9403aea38bc6f36844a056283c00dcfc6936b6318c@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf53eeefb7e7e524deaacb9f8671cbf01b8a253e865fb94e7656722c0@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r90c23eb8c82835fa82df85ae5e88c81fd9241e20a22971b0fb8f2c34@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rfdf65fa675c64a64459817344e0e6c44d51ee264beea6e5851fb60dc@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8418a0dff1729f19cf1024937e23a2db4c0f94f2794a423f5c10e8e7@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ra9611a8431cb62369bce8909d7645597e1dd45c24b448836b1e54940@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rcd71280585425dad7e232f239c5709e425efdd0d3de4a92f808a4767@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc20d86d395270740@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbd19de368abf0764e4383ec44d527bc9870176f488a494f09a40500d@%3ccommon-dev.hadoop.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r26244f9f7d9a8a27a092eb0b2a0ca9395e88fcde8b5edaeca7ce569c@%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9fb3238cfc3222f2392ca6517353aadae18f76866157318ac562e706@%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8c6300245c0bcef095e9f07b48157e2c6471df0816db3408fcf1d748@%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6b45a2fcc8e98ac93a179183dbb7f340027bdb8e3ab393418076b153@%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8c392ca48bb7e50754e4bc05865e9731b23d568d18a520fe3d8c1f75@%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r13d4b5c60ff63f3c4fab51d6ff266655be503b8a1884e2f2fab67c3a@%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd7805c1bf9388968508c6c8f84588773216e560055ddcc813d19f347@%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r1b7734dfdfd938640f2f5fb6f4231a267145c71ed60cc7faa1cbac07@%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9d2e28e71f91ba0b6f4114c8ecd96e2b1f7e0d06bdf8eb768c183aa9@%3ccommon-issues.hadoop.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8d78a0fbb56d505461e29868d1026e98c402e6a568c13a6da67896a2@%3cdev.jena.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/752ec92cd1e334a639e79bfbd689a4ec2c6579ec5bb41b53ffdf358d@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3bf7b982dfa0779f8a71f843d2aa6b4184a53e6be7f149ee079387fd@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/564f03b4e9511fcba29c68fc0299372dadbdb002718fa8edcc4325e4@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r2756fd570b6709d55a61831ca028405bcb3e312175a60bc5d911c81f@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3c575cabc7386e646fb12cb82b0b38ae5a6ade8a800f827107824495@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r189aaeaad897f7d6b96f7c43a8ef2dfb9f6e9f8c1cc9ad182ce9b9ae@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8a1cfd4705258c106e488091fcec85f194c82f2bbde6bd151e201870@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r696507338dd5f44efc23d98cafe30f217cf3ba78e77ed1324c7a5179@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf9c19bcc2f7a98a880fa3e3456c003d331812b55836b34ef648063c9@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r71e26f9c2d5826c6f95ad60f7d052d75e1e70b0d2dd853db6fc26d5f@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r7f462c69d5ded4c0223e014d95a3496690423c5f6f05c09e2f2a407a@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r7a1acc95373105169bd44df710c2f462cad31fb805364d2958a5ee03@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r5c084578b3e3b40bd903c9d9e525097421bcd88178e672f612102eb2@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rda4849c6823dd3e83c7a356eb883180811d5c28359fe46865fd151c3@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6236b5f8646d48af8b66d5050f288304016840788e508c883356fe0e@%3clog4j-user.logging.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3cdev.mina.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9a9e3b42cd5d1c4536a14ef04f75048dec8e2740ac6a138ea912177f@%3cpluto-dev.portals.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf77f79699c8d7e430c14cf480f12ed1297e6e8cf2ed379a425941e80@%3cpluto-dev.portals.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd882ab6b642fe59cbbe94dc02bd197342058208f482e57b537940a4b@%3cpluto-dev.portals.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/reaf6b996f74f12b4557bc221abe88f58270ac583942fa41293c61f94@%3cpluto-scm.portals.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd3a9511eebab60e23f224841390a3f8cd5358cff605c5f7042171e47@%3cdev.tinkerpop.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbdf18e39428b5c80fc35113470198b1fe53b287a76a46b0f8780b5fd@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ra54fa49be3e773d99ccc9c2a422311cf77e3ecd3b8594ee93043a6b1@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r05755112a8c164abc1004bb44f198b1e3d8ca3d546a8f13ebd3aa05f@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r944183c871594fe9a555b8519a7c945bbcf6714d72461aa6c929028f@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6aec6b8f70167fa325fb98b3b5c9ce0ffaed026e697b69b85ac24628@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r356d57d6225f91fdc30f8b0a2bed229d1ece55e16e552878c5fa809a@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rc628307962ae1b8cc2d21b8e4b7dd6d7755b2dd52fa56a151a27e4fd@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd6254837403e8cbfc7018baa9be29705f3f06bd007c83708f9a97679@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r909b8e3a36913944d3b7bafe9635d4ca84f8f0e2cd146a1784f667c2@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9d0d03f2e7d9e13c68b530f81d02b0fec33133edcf27330d8089fcfb@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3cf50d05ce8cec8c09392624b7bae750e7643dae60ef2438641ee015@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf1b434e11834a4449cd7addb69ed0aef0923112b5938182b363a968c@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rc17d8491beee51607693019857e41e769795366b85be00aa2f4b3159@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r4ac89cbecd9e298ae9fafb5afda6fa77ac75c78d1ac957837e066c4e@%3cuser.zookeeper.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.debian.org/lts/security/2020/dla-2064"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-202014267-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200053-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200054-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2010"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-for-manufacturing-2-0-is-affected-by-vulnerabilities-of-log4j-1-2-17-log4j-deserialization-remote-code-execution-cve-2019-17571/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165965/red-hat-security-advisory-2022-0507-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0120.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0098/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0120/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-commons-and-log4j-affect-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-for-virtual-environments-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-log4j-vulnerability-cve-2019-17571/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159173/ubuntu-security-notice-usn-4495-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-the-vanruability-net-sf-ehcache-blocking-in-fasterxml-jackson-databind-has-an-unknown-impact-found-network-performance-insight-cve-2019-17571/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072503"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6519984"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0599"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167493/red-hat-security-advisory-2022-5053-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-application-server-liberty-ibm-java-runtime-log4j-and-apache-commons-affect-ibm-spectrum-protect-snapshot-for-vmware/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-ibm-lks-art-agent/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-found-in-apache-log4j-v1-x-may-affect-ibm-enterprise-records/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021018"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021415"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-17571/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-publicly-disclosed-vulnerability/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-log4j-1-2-code-execution-via-socket-server-deserialization-31193"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012001"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165943/red-hat-security-advisory-2022-0497-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010302"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3154/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/site/solutions/625683)"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23307"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.services.platform\u0026downloadtype=securitypatches\u0026version=6.4"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4104"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23305"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23302"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4495-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j1.2/1.2.17-8+deb10u1build0.18.04.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0507"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0497"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache-log4j1.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5053"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5998-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j1.2/1.2.17-9ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j1.2/1.2.17-8+deb10u1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202402-16"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9493"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149831"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013606"
},
{
"db": "PACKETSTORM",
"id": "159173"
},
{
"db": "PACKETSTORM",
"id": "165965"
},
{
"db": "PACKETSTORM",
"id": "165943"
},
{
"db": "PACKETSTORM",
"id": "168829"
},
{
"db": "PACKETSTORM",
"id": "167493"
},
{
"db": "PACKETSTORM",
"id": "171759"
},
{
"db": "PACKETSTORM",
"id": "177171"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-950"
},
{
"db": "NVD",
"id": "CVE-2019-17571"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-149831"
},
{
"db": "VULMON",
"id": "CVE-2019-17571"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013606"
},
{
"db": "PACKETSTORM",
"id": "159173"
},
{
"db": "PACKETSTORM",
"id": "165965"
},
{
"db": "PACKETSTORM",
"id": "165943"
},
{
"db": "PACKETSTORM",
"id": "168829"
},
{
"db": "PACKETSTORM",
"id": "167493"
},
{
"db": "PACKETSTORM",
"id": "171759"
},
{
"db": "PACKETSTORM",
"id": "177171"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-950"
},
{
"db": "NVD",
"id": "CVE-2019-17571"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-149831"
},
{
"date": "2019-12-20T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17571"
},
{
"date": "2020-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013606"
},
{
"date": "2020-09-15T17:05:37",
"db": "PACKETSTORM",
"id": "159173"
},
{
"date": "2022-02-11T15:46:06",
"db": "PACKETSTORM",
"id": "165965"
},
{
"date": "2022-02-10T16:17:02",
"db": "PACKETSTORM",
"id": "165943"
},
{
"date": "2020-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "168829"
},
{
"date": "2022-06-20T00:19:05",
"db": "PACKETSTORM",
"id": "167493"
},
{
"date": "2023-04-06T14:37:27",
"db": "PACKETSTORM",
"id": "171759"
},
{
"date": "2024-02-19T14:10:03",
"db": "PACKETSTORM",
"id": "177171"
},
{
"date": "2019-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-950"
},
{
"date": "2019-12-20T17:15:11.893000",
"db": "NVD",
"id": "CVE-2019-17571"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-149831"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17571"
},
{
"date": "2020-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013606"
},
{
"date": "2023-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-950"
},
{
"date": "2023-11-07T03:06:20.543000",
"db": "NVD",
"id": "CVE-2019-17571"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "177171"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-950"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Log4j Vulnerable to unreliable data deserialization",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013606"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-950"
}
],
"trust": 0.6
}
}
var-202004-2199
Vulnerability from variot
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. Summary:
An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):
1376706 - restore SerialNumber tag in caManualRenewal xml 1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1406505 - KRA ECC installation failed with shared tomcat 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1666907 - CC: Enable AIA OCSP cert checking for entire cert chain 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page 1710171 - CVE-2019-10146 pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page 1721684 - Rebase pki-servlet-engine to 9.0.30 1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. 1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA 1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. 1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page 1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp 1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server 1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI 1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak 1824939 - JSS: add RSA PSS support - RHEL 8.3 1824948 - add RSA PSS support - RHEL 8.3 1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab [rhel-8] 1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in 'path length' constraint field in CA's Agent page [rhel-8] 1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password 1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired="true" but no secret 1850004 - CVE-2020-11023 jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution 1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException 1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing 1855273 - CVE-2020-15720 pki: Dogtag's python client does not validate certificates 1855319 - Not able to launch pkiconsole 1856368 - kra-key-generate request is failing 1857933 - CA Installation is failing with ncipher v12.30 HSM 1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request 1869893 - Common certificates are missing in CS.cfg on shared PKI instance 1871064 - replica install failing during pki-ca component configuration 1873235 - pki ca-user-cert-add with secure port failed with 'SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT'
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update Advisory ID: RHSA-2022:6393-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:6393 Issue date: 2022-09-08 CVE Names: CVE-2020-11022 CVE-2020-11023 CVE-2021-22096 CVE-2021-23358 CVE-2022-2806 CVE-2022-31129 ==================================================================== 1. Summary:
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch
- Description:
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
-
nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)
-
moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
-
ovirt-log-collector: RHVM admin password is logged unfiltered (CVE-2022-2806)
-
springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Previously, running engine-setup did not always renew OVN certificates close to expiration or expired. With this release, OVN certificates are always renewed by engine-setup when needed. (BZ#2097558)
-
Previously, the Manager issued warnings of approaching certificate expiration before engine-setup could update certificates. In this release expiration warnings and certificate update periods are aligned, and certificates are updated as soon as expiration warnings occur. (BZ#2097725)
-
With this release, OVA export or import work on hosts with a non-standard SSH port. (BZ#2104939)
-
With this release, the certificate validity test is compatible with RHEL 8 and RHEL 7 based hypervisors. (BZ#2107250)
-
RHV 4.4 SP1 and later are only supported on RHEL 8.6, customers cannot use RHEL 8.7 or later, and must stay with RHEL 8.6 EUS. (BZ#2108985)
-
Previously, importing templates from the Administration Portal did not work. With this release, importing templates from the Administration Portal is possible. (BZ#2109923)
-
ovirt-provider-ovn certificate expiration is checked along with other RHV certificates. If ovirt-provider-ovn is about to expire or already expired, a warning or alert is raised in the audit log. To renew the ovirt-provider-ovn certificate, administators must run engine-setup. If your ovirt-provider-ovn certificate expires on a previous RHV version, upgrade to RHV 4.4 SP1 batch 2 or later, and ovirt-provider-ovn certificate will be renewed automatically in the engine-setup. (BZ#2097560)
-
Previously, when importing a virtual machine with manual CPU pinning, the manual pinning string was cleared, but the CPU pinning policy was not set to NONE. As a result, importing failed. In this release, the CPU pinning policy is set to NONE if the CPU pinning string is cleared, and importing succeeds. (BZ#2104115)
-
Previously, the Manager could start a virtual machine with a Resize and Pin NUMA policy on a host without an equal number of physical sockets to NUMA nodes. As a result, wrong pinning was assigned to the policy. With this release, the Manager does not allow the virtual machine to be scheduled on such a virtual machine, and the pinning is correct based on the algorithm. (BZ#1955388)
-
Rebase package(s) to version: 4.4.7. Highlights, important fixes, or notable enhancements: fixed BZ#2081676 (BZ#2104831)
-
In this release, rhv-log-collector-analyzer provides detailed output for each problematic image, including disk names, associated virtual machine, the host running the virtual machine, snapshots, and current SPM. The detailed view is now the default. The compact option can be set by using the --compact switch in the command line. (BZ#2097536)
-
UnboundID LDAP SDK has been rebased on upstream version 6.0.4. See https://github.com/pingidentity/ldapsdk/releases for changes since version 4.0.14 (BZ#2092478)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
-
1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function 1955388 - Auto Pinning Policy only pins some of the vCPUs on a single NUMA host 1974974 - Not possible to determine migration policy from the API, even though documentation reports that it can be done. 2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries 2080005 - CVE-2022-2806 ovirt-log-collector: RHVM admin password is logged unfiltered 2092478 - Upgrade unboundid-ldapsdk to 6.0.4 2094577 - rhv-image-discrepancies must ignore small disks created by OCP 2097536 - [RFE] Add disk name and uuid to problems output 2097558 - Renew ovirt-provider-ovn.cer certificates during engine-setup 2097560 - Warning when ovsdb-server certificates are about to expire(OVN certificate) 2097725 - Certificate Warn period and automatic renewal via engine-setup do not match 2104115 - RHV 4.5 cannot import VMs with cpu pinning 2104831 - Upgrade ovirt-log-collector to 4.4.7 2104939 - Export OVA when using host with port other than 22 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2107250 - Upgrade of the host failed as the RHV 4.3 hypervisor is based on RHEL 7 with openssl 1.0.z, but RHV Manager 4.4 uses the openssl 1.1.z syntax 2107267 - ovirt-log-collector doesn't generate database dump 2108985 - RHV 4.4 SP1 EUS requires RHEL 8.6 EUS (RHEL 8.7+ releases are not supported on RHV 4.4 SP1 EUS) 2109923 - Error when importing templates in Admin portal
-
Package List:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:
Source: ovirt-engine-4.5.2.4-0.1.el8ev.src.rpm ovirt-engine-dwh-4.5.4-1.el8ev.src.rpm ovirt-engine-extension-aaa-ldap-1.4.6-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.3.5-1.el8ev.src.rpm ovirt-log-collector-4.4.7-2.el8ev.src.rpm ovirt-web-ui-1.9.1-1.el8ev.src.rpm rhv-log-collector-analyzer-1.0.15-1.el8ev.src.rpm unboundid-ldapsdk-6.0.4-1.el8ev.src.rpm vdsm-jsonrpc-java-1.7.2-1.el8ev.src.rpm
noarch: ovirt-engine-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-backend-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-dbscripts-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-dwh-4.5.4-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.5.4-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.5.4-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-1.4.6-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-setup-1.4.6-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-restapi-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-base-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-tools-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-tools-backup-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.3.5-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-log-collector-4.4.7-2.el8ev.noarch.rpm ovirt-web-ui-1.9.1-1.el8ev.noarch.rpm python3-ovirt-engine-lib-4.5.2.4-0.1.el8ev.noarch.rpm rhv-log-collector-analyzer-1.0.15-1.el8ev.noarch.rpm rhvm-4.5.2.4-0.1.el8ev.noarch.rpm unboundid-ldapsdk-6.0.4-1.el8ev.noarch.rpm unboundid-ldapsdk-javadoc-6.0.4-1.el8ev.noarch.rpm vdsm-jsonrpc-java-1.7.2-1.el8ev.noarch.rpm vdsm-jsonrpc-java-javadoc-1.7.2-1.el8ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2021-22096 https://access.redhat.com/security/cve/CVE-2021-23358 https://access.redhat.com/security/cve/CVE-2022-2806 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYxnqRtzjgjWX9erEAQiQOw//XOS172gkbNeuoMSW1IYiEpJG4zQIvT2J VvyizOMlQzpe49Bkopu1zj/e8yM1eXNIg1elPzA3280z7ruNb4fkeoXT7vM5mB/0 jRAr1ja9ZHnZmEW60X3WVhEBjEXCeOv5CWBgqzdQWSB7RpPqfMP7/4kHGFnCPZxu V/n+Z9YKoDxeiW19tuTdU5E5cFySVV8JZAlfXlrR1dz815Ugsm2AMk6uPwjQ2+C7 Uz3zLQLjRjxFk+qSph8NYbOZGnUkypWQG5KXPMyk/Cg3jewjMkjAhzgcTJAdolRC q3p9kD5KdWRe+3xzjy6B4IsSSqvEyHphwrRv8wgk0vIAawfgi76+jL7n/C07rdpA Qg6zlDxmHDrZPC42dsW6dXJ1QefRQE5EzFFJcoycqvWdlRfXX6D1RZc5knSQb2iI 3iSh+hVwxY9pzNZVMlwtDHhw8dqvgw7JimToy8vOldgK0MdndwtVmKsKsRzu7HyL PQSvcN5lSv1X5FR2tnx9LMQXX1qn0P1d/8gTiRFm8Oabjx2r8I0/HNgnJpTSVSBO DXjKFDmwpiT+6tupM39ZbWek2hh+PoyMZJb/d6/YTND6VNlzUypq+DFtLILEaM8Z OjWz0YAL8/ihvhq0vSdFSMFcYKSWAOXA+6pSqe7N7WtB9hl0r7sLUaRSRHti1Ime uF/GLDTKkPw=8zTJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - GSS Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23926 - Tracker bug for the EAP 7.4.9 release for RHEL-7 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - GSS Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - GSS Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - GSS Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - GSS Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001
7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications eagle application processor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1.0"
},
{
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.10.0"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.1"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "health sciences inform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "max data",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "storagetek tape analytics sw tool",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3.1"
},
{
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "oncommand system manager",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.1.3"
},
{
"model": "communications operations monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.6"
},
{
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "financial services regulatory reporting for de nederlandsche bank",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "oss support tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.41"
},
{
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications interactive session recorder",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.7"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "7.70"
},
{
"model": "jquery",
"scope": "lt",
"trust": 1.0,
"vendor": "jquery",
"version": "3.5.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0.4"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.9"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.4"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "communications eagle application processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.4.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "7.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.11"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.0"
},
{
"model": "banking enterprise collections",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.8.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.2"
},
{
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services revenue management and billing analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "peoplesoft enterprise human capital management resources",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "communications analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "snapcenter server",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "banking enterprise collections",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.0"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services revenue management and billing analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.8"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.14"
},
{
"model": "communications interactive session recorder",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.9.0.0.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.0"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.0"
},
{
"model": "communications operations monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "oncommand system manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "siebel mobile",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.1"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "jquery",
"scope": "gte",
"trust": 1.0,
"vendor": "jquery",
"version": "1.0.3"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "application express",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "20.2"
},
{
"model": "hitachi ops center common services",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jquery",
"scope": null,
"trust": 0.8,
"vendor": "jquery",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.0",
"versionStartIncluding": "1.0.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.70",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.14",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.8.6",
"versionStartIncluding": "8.8.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.2.11",
"versionStartIncluding": "16.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.7",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8.0",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.10.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.4",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.9",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.12.41",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.4.0",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "168304"
},
{
"db": "PACKETSTORM",
"id": "171213"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2420"
}
],
"trust": 1.2
},
"cve": "CVE-2020-11023",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-11023",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-163560",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-11023",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-11023",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2020-11023",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2420",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-163560",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2420"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. Summary:\n\nAn update for the pki-core:10.6 and pki-deps:10.6 modules is now available\nfor Red Hat Enterprise Linux 8. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Public Key Infrastructure (PKI) Core contains fundamental packages\nrequired by Red Hat Certificate System. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.3 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1376706 - restore SerialNumber tag in caManualRenewal xml\n1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests\n1406505 - KRA ECC installation failed with shared tomcat\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip\n1666907 - CC: Enable AIA OCSP cert checking for entire cert chain\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page\n1710171 - CVE-2019-10146 pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page\n1721684 - Rebase pki-servlet-engine to 9.0.30\n1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. \n1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA\n1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. \n1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page\n1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp\n1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server\n1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI\n1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak\n1824939 - JSS: add RSA PSS support - RHEL 8.3\n1824948 - add RSA PSS support - RHEL 8.3\n1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab [rhel-8]\n1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in \u0027path length\u0027 constraint field in CA\u0027s Agent page [rhel-8]\n1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password\n1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired=\"true\" but no secret\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException\n1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing\n1855273 - CVE-2020-15720 pki: Dogtag\u0027s python client does not validate certificates\n1855319 - Not able to launch pkiconsole\n1856368 - kra-key-generate request is failing\n1857933 - CA Installation is failing with ncipher v12.30 HSM\n1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request\n1869893 - Common certificates are missing in CS.cfg on shared PKI instance\n1871064 - replica install failing during pki-ca component configuration\n1873235 - pki ca-user-cert-add with secure port failed with \u0027SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT\u0027\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update\nAdvisory ID: RHSA-2022:6393-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6393\nIssue date: 2022-09-08\nCVE Names: CVE-2020-11022 CVE-2020-11023 CVE-2021-22096\n CVE-2021-23358 CVE-2022-2806 CVE-2022-31129\n====================================================================\n1. Summary:\n\nUpdated ovirt-engine packages that fix several bugs and add various\nenhancements are now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch\n\n3. Description:\n\nThe ovirt-engine package provides the Red Hat Virtualization Manager, a\ncentralized management platform that allows system administrators to view\nand manage virtual machines. The Manager provides a comprehensive range of\nfeatures including search capabilities, resource management, live\nmigrations, and virtual infrastructure provisioning. \n\nSecurity Fix(es):\n\n* nodejs-underscore: Arbitrary code execution via the template function\n(CVE-2021-23358)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* ovirt-log-collector: RHVM admin password is logged unfiltered\n(CVE-2022-2806)\n\n* springframework: malicious input leads to insertion of additional log\nentries (CVE-2021-22096)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Previously, running engine-setup did not always renew OVN certificates\nclose to expiration or expired. With this release, OVN certificates are\nalways renewed by engine-setup when needed. (BZ#2097558)\n\n* Previously, the Manager issued warnings of approaching certificate\nexpiration before engine-setup could update certificates. In this release\nexpiration warnings and certificate update periods are aligned, and\ncertificates are updated as soon as expiration warnings occur. (BZ#2097725)\n\n* With this release, OVA export or import work on hosts with a non-standard\nSSH port. (BZ#2104939)\n\n* With this release, the certificate validity test is compatible with RHEL\n8 and RHEL 7 based hypervisors. (BZ#2107250)\n\n* RHV 4.4 SP1 and later are only supported on RHEL 8.6, customers cannot\nuse RHEL 8.7 or later, and must stay with RHEL 8.6 EUS. (BZ#2108985)\n\n* Previously, importing templates from the Administration Portal did not\nwork. With this release, importing templates from the Administration Portal\nis possible. (BZ#2109923)\n\n* ovirt-provider-ovn certificate expiration is checked along with other RHV\ncertificates. If ovirt-provider-ovn is about to expire or already expired,\na warning or alert is raised in the audit log. To renew the\novirt-provider-ovn certificate, administators must run engine-setup. If\nyour ovirt-provider-ovn certificate expires on a previous RHV version,\nupgrade to RHV 4.4 SP1 batch 2 or later, and ovirt-provider-ovn certificate\nwill be renewed automatically in the engine-setup. (BZ#2097560)\n\n* Previously, when importing a virtual machine with manual CPU pinning, the\nmanual pinning string was cleared, but the CPU pinning policy was not set\nto NONE. As a result, importing failed. In this release, the CPU pinning\npolicy is set to NONE if the CPU pinning string is cleared, and importing\nsucceeds. (BZ#2104115)\n\n* Previously, the Manager could start a virtual machine with a Resize and\nPin NUMA policy on a host without an equal number of physical sockets to\nNUMA nodes. As a result, wrong pinning was assigned to the policy. With\nthis release, the Manager does not allow the virtual machine to be\nscheduled on such a virtual machine, and the pinning is correct based on\nthe algorithm. (BZ#1955388)\n\n* Rebase package(s) to version: 4.4.7. \nHighlights, important fixes, or notable enhancements: fixed BZ#2081676\n(BZ#2104831)\n\n* In this release, rhv-log-collector-analyzer provides detailed output for\neach problematic image, including disk names, associated virtual machine,\nthe host running the virtual machine, snapshots, and current SPM. The\ndetailed view is now the default. The compact option can be set by using\nthe --compact switch in the command line. (BZ#2097536)\n\n* UnboundID LDAP SDK has been rebased on upstream version 6.0.4. See\nhttps://github.com/pingidentity/ldapsdk/releases for changes since version\n4.0.14 (BZ#2092478)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. \n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n1955388 - Auto Pinning Policy only pins some of the vCPUs on a single NUMA host\n1974974 - Not possible to determine migration policy from the API, even though documentation reports that it can be done. \n2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries\n2080005 - CVE-2022-2806 ovirt-log-collector: RHVM admin password is logged unfiltered\n2092478 - Upgrade unboundid-ldapsdk to 6.0.4\n2094577 - rhv-image-discrepancies must ignore small disks created by OCP\n2097536 - [RFE] Add disk name and uuid to problems output\n2097558 - Renew ovirt-provider-ovn.cer certificates during engine-setup\n2097560 - Warning when ovsdb-server certificates are about to expire(OVN certificate)\n2097725 - Certificate Warn period and automatic renewal via engine-setup do not match\n2104115 - RHV 4.5 cannot import VMs with cpu pinning\n2104831 - Upgrade ovirt-log-collector to 4.4.7\n2104939 - Export OVA when using host with port other than 22\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2107250 - Upgrade of the host failed as the RHV 4.3 hypervisor is based on RHEL 7 with openssl 1.0.z, but RHV Manager 4.4 uses the openssl 1.1.z syntax\n2107267 - ovirt-log-collector doesn\u0027t generate database dump\n2108985 - RHV 4.4 SP1 EUS requires RHEL 8.6 EUS (RHEL 8.7+ releases are not supported on RHV 4.4 SP1 EUS)\n2109923 - Error when importing templates in Admin portal\n\n6. Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\novirt-engine-4.5.2.4-0.1.el8ev.src.rpm\novirt-engine-dwh-4.5.4-1.el8ev.src.rpm\novirt-engine-extension-aaa-ldap-1.4.6-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.3.5-1.el8ev.src.rpm\novirt-log-collector-4.4.7-2.el8ev.src.rpm\novirt-web-ui-1.9.1-1.el8ev.src.rpm\nrhv-log-collector-analyzer-1.0.15-1.el8ev.src.rpm\nunboundid-ldapsdk-6.0.4-1.el8ev.src.rpm\nvdsm-jsonrpc-java-1.7.2-1.el8ev.src.rpm\n\nnoarch:\novirt-engine-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-backend-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-dbscripts-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-dwh-4.5.4-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.5.4-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.5.4-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-1.4.6-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-setup-1.4.6-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-restapi-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-base-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-tools-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-tools-backup-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.3.5-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-log-collector-4.4.7-2.el8ev.noarch.rpm\novirt-web-ui-1.9.1-1.el8ev.noarch.rpm\npython3-ovirt-engine-lib-4.5.2.4-0.1.el8ev.noarch.rpm\nrhv-log-collector-analyzer-1.0.15-1.el8ev.noarch.rpm\nrhvm-4.5.2.4-0.1.el8ev.noarch.rpm\nunboundid-ldapsdk-6.0.4-1.el8ev.noarch.rpm\nunboundid-ldapsdk-javadoc-6.0.4-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.7.2-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-javadoc-1.7.2-1.el8ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/cve/CVE-2021-22096\nhttps://access.redhat.com/security/cve/CVE-2021-23358\nhttps://access.redhat.com/security/cve/CVE-2022-2806\nhttps://access.redhat.com/security/cve/CVE-2022-31129\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYxnqRtzjgjWX9erEAQiQOw//XOS172gkbNeuoMSW1IYiEpJG4zQIvT2J\nVvyizOMlQzpe49Bkopu1zj/e8yM1eXNIg1elPzA3280z7ruNb4fkeoXT7vM5mB/0\njRAr1ja9ZHnZmEW60X3WVhEBjEXCeOv5CWBgqzdQWSB7RpPqfMP7/4kHGFnCPZxu\nV/n+Z9YKoDxeiW19tuTdU5E5cFySVV8JZAlfXlrR1dz815Ugsm2AMk6uPwjQ2+C7\nUz3zLQLjRjxFk+qSph8NYbOZGnUkypWQG5KXPMyk/Cg3jewjMkjAhzgcTJAdolRC\nq3p9kD5KdWRe+3xzjy6B4IsSSqvEyHphwrRv8wgk0vIAawfgi76+jL7n/C07rdpA\nQg6zlDxmHDrZPC42dsW6dXJ1QefRQE5EzFFJcoycqvWdlRfXX6D1RZc5knSQb2iI\n3iSh+hVwxY9pzNZVMlwtDHhw8dqvgw7JimToy8vOldgK0MdndwtVmKsKsRzu7HyL\nPQSvcN5lSv1X5FR2tnx9LMQXX1qn0P1d/8gTiRFm8Oabjx2r8I0/HNgnJpTSVSBO\nDXjKFDmwpiT+6tupM39ZbWek2hh+PoyMZJb/d6/YTND6VNlzUypq+DFtLILEaM8Z\nOjWz0YAL8/ihvhq0vSdFSMFcYKSWAOXA+6pSqe7N7WtB9hl0r7sLUaRSRHti1Ime\nuF/GLDTKkPw=8zTJ\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001\nJBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001\nJBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001\nJBEAP-23926 - Tracker bug for the EAP 7.4.9 release for RHEL-7\nJBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001\nJBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001\nJBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001\nJBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001\nJBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value\nJBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001\nJBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001\nJBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001\nJBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002\nJBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001\nJBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001\nJBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003\nJBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2\nJBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001\nJBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001\n\n7",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11023"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "168304"
},
{
"db": "PACKETSTORM",
"id": "171213"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11023",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "162160",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-02",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "159852",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170821",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168304",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99394498",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94912830",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-306-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170823",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162651",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160274",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159275",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161830",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158797",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160548",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164887",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158750",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159513",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158555",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2420",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2694",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0620",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0845",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3823",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4248",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2714",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1351",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2775",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1066",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1916",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3485",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3663",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0909",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1961",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0583",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1653",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0585",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1863",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1519",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0824",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2375",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3255",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0923",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1703",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5150",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2525",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1804",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3875",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2660",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1512",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2660.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4421",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2287",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158406",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158282",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48902",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-60182",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "49767",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012403",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022516",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072824",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052207",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072027",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011837",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042101",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-097-01",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "171213",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171212",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170817",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170819",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163560",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "168304"
},
{
"db": "PACKETSTORM",
"id": "171213"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2420"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"id": "VAR-202004-2199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:20:16.457000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2020-130 Software product security information",
"trust": 0.8,
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"title": "jQuery Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=178501"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2420"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/162160/jquery-1.0.3-cross-site-scripting.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 1.7,
"url": "https://github.com/jquery/jquery/security/advisories/ghsa-jpcq-cgw6-v4j6"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
},
{
"trust": 1.7,
"url": "https://www.drupal.org/sa-core-2020-002"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-02"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4693"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"trust": 1.7,
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
},
{
"trust": 1.7,
"url": "https://jquery.com/upgrade-guide/3.5/"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3ccommits.felix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3ccommits.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3ccommits.nifi.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3cdev.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99394498/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94912830/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-306-01"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3ccommits.felix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3ccommits.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3cdev.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3ccommits.nifi.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110301"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159513/red-hat-security-advisory-2020-4211-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4248/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011837"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3823"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2287/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158797/red-hat-security-advisory-2020-3369-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159275/red-hat-security-advisory-2020-3807-01.html"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161830/red-hat-security-advisory-2021-0860-01.html"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/49767"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162651/red-hat-security-advisory-2021-1846-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3875/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520510"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158555/gentoo-linux-security-advisory-202007-03.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1653"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-10/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0923"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2694/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2375/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0845"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2775/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1066"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-affect-ibm-license-metric-tool-v9/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5150"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168304/red-hat-security-advisory-2022-6393-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1804/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160274/red-hat-security-advisory-2020-5249-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0824"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-package-with-known-vulnerabilities-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042101"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1961/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1512"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023-2/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48902"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-60182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-5/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022516"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158750/red-hat-security-advisory-2020-3247-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-in-ibm-security-qradar-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1703"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2714/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158406/red-hat-security-advisory-2020-2412-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-jquery-vulnerabilities-cve-2020-11022-cve-2020-11023/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160548/red-hat-security-advisory-2020-5412-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2660.3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1863/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-fixed-in-mobile-foundation-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-affect-ibm-wiotp-messagegateway-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1916"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1519"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072027"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-virtual-appliance/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052207"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170821/red-hat-security-advisory-2023-0552-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0585"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159852/red-hat-security-advisory-2020-4847-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2525"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2660/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4421/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0620"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1351"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0583"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-license-key-server-administration-and-reporting-tool-is-impacted-by-multiple-vulnerabilities-in-jquery-bootstrap-and-angularjs/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012403"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072824"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3663"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3255/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164887/red-hat-security-advisory-2021-4142-02.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170823/red-hat-security-advisory-2023-0553-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3485/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-14042"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-14040"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-45047"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-46364"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-45693"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8331"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-10735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1471"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1438"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3916"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25857"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35065"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44906"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0091"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3782"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2764"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2764"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-4137"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46363"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0264"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1274"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-37603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-35065"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1438"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25857"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1274"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14041"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40150"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18214"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40152"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40149"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40152"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14041"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-18214"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22096"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6393"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22096"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://github.com/pingidentity/ldapsdk/releases"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1043"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0552"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "168304"
},
{
"db": "PACKETSTORM",
"id": "171213"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2420"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "168304"
},
{
"db": "PACKETSTORM",
"id": "171213"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2420"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-163560"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"date": "2020-11-04T15:29:15",
"db": "PACKETSTORM",
"id": "159852"
},
{
"date": "2022-09-08T14:41:25",
"db": "PACKETSTORM",
"id": "168304"
},
{
"date": "2023-03-02T15:19:28",
"db": "PACKETSTORM",
"id": "171213"
},
{
"date": "2023-03-02T15:19:19",
"db": "PACKETSTORM",
"id": "171212"
},
{
"date": "2023-01-31T17:21:40",
"db": "PACKETSTORM",
"id": "170821"
},
{
"date": "2023-01-31T17:16:43",
"db": "PACKETSTORM",
"id": "170817"
},
{
"date": "2020-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2420"
},
{
"date": "2020-04-29T21:15:11.743000",
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-163560"
},
{
"date": "2022-02-16T03:20:00",
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"date": "2023-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2420"
},
{
"date": "2023-11-07T03:14:27.553000",
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2420"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "jQuery\u00a0 Cross-site Scripting Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2420"
}
],
"trust": 0.6
}
}
var-201804-1676
Vulnerability from variot
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pivotal Spring Framework is prone to remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update Advisory ID: RHSA-2018:2939-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2018:2939 Issue date: 2018-10-17 CVE Names: CVE-2017-12617 CVE-2018-1260 CVE-2018-1270 CVE-2018-1271 CVE-2018-1275 CVE-2018-1304 CVE-2018-1305 CVE-2018-1336 CVE-2018-7489 ==================================================================== 1. Summary:
An update is now available for Red Hat Fuse Integration Services.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift.
Security fix(es):
-
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
-
spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)
-
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
-
spring-framework: Possible RCE via spring messaging (CVE-2018-1270)
-
spring-security-oauth: remote code execution in the authorization process (CVE-2018-1260)
-
tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)
-
tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
-
tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
-
tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Updating instructions and release notes may be found at:
https://access.redhat.com/articles/3060411
- Bugs fixed (https://bugzilla.redhat.com/):
1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615 1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users 1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources 1549276 - CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries 1564405 - CVE-2018-1270 spring-framework: Possible RCE via spring messaging 1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems 1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process 1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS
- References:
https://access.redhat.com/security/cve/CVE-2017-12617 https://access.redhat.com/security/cve/CVE-2018-1260 https://access.redhat.com/security/cve/CVE-2018-1270 https://access.redhat.com/security/cve/CVE-2018-1271 https://access.redhat.com/security/cve/CVE-2018-1275 https://access.redhat.com/security/cve/CVE-2018-1304 https://access.redhat.com/security/cve/CVE-2018-1305 https://access.redhat.com/security/cve/CVE-2018-1336 https://access.redhat.com/security/cve/CVE-2018-7489 https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW8eNhdzjgjWX9erEAQgCYw//fxaqJeQ2VPWVSwfYTALj1Lvjrx0bTnip T8MKlgYC4PSKZcOmchvC3f01kNljr1CEJaUQWQi1A+is141gjHgV2nFMSGTUBwBK yGSPLD0oLDJWc/7y7qWMxrotEWjROKIQ72AXwjOtcEeSe9vzSmWotexKR0JYUdgw 8GAMlBhyiQagOncOP3JkWnUkTdNryhY9f5tfX7xfXcDDoxjq4rAVqLrCrWZvr4ec P89vACj8PonE+U5DvFrWWH9nKxGcdvnm0ouib/XFB8GJ/jHhRgBsk/CFpDoEEng5 rzFmbt7fm1OKfgFhRCyrxsVQVUbk0d1ATs+Lpu7Ty3fGysW2bN860Hi+20RSWyow ybjLNU9xSHUG9623XTyyVYgRIox991zpHCHsDWwjsV1NxfjdYlJfHGtuHKNeVQzf h71cHuC7o7VhxZFhMFHjp+O71Ow5N6HcrZAtmKrihfhHRVFugXkvFGRl55gqb4rr Y6/dX/H1abVCNGA5kziXQnO0ce/dAdUZ2mb8XRs3UVgt0MIVD1zisE9d52fsRkr/ NygTi1xn4Pmodoth3C209aA4Iaycixmx4F8HoXSTPNUCYrr0FIjBpDJX35TeTcxg /RU/vyHwdAwz/5aJgFDFxILd4z8a9bIpYGMglMU1rB5y/ovuBB4qUU/o4y8aVYzh bunfRFjDlIY=l0NF -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1676",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.2"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.3"
},
{
"model": "communications performance intelligence center",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "tape library acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1"
},
{
"model": "big data discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.2"
},
{
"model": "communications services gatekeeper",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.0.4.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "4.3.16"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0.3"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.1"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.5"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail point-of-sale",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "communications converged application server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "retail point-of-sale",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.1.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.4"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.2"
},
{
"model": "fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0.0"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2.0.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.0.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications diameter signaling router",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1.1"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.0"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.1"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.4"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "4.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.8,
"vendor": "pivotal",
"version": "4.3.15"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0.5"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.1"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.4"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.2.9"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.14"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3"
},
{
"model": "spring framework",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0.5"
},
{
"model": "spring framework",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.15"
}
],
"sources": [
{
"db": "BID",
"id": "103696"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003097"
},
{
"db": "NVD",
"id": "CVE-2018-1270"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-245"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.0.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1270"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alvaro Munoz (@pwntester) Micro Focus Fortify.",
"sources": [
{
"db": "BID",
"id": "103696"
}
],
"trust": 0.3
},
"cve": "CVE-2018-1270",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-1270",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-122685",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-1270",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-1270",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-245",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-122685",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-1270",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122685"
},
{
"db": "VULMON",
"id": "CVE-2018-1270"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003097"
},
{
"db": "NVD",
"id": "CVE-2018-1270"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-245"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pivotal Spring Framework is prone to remote code-execution vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update\nAdvisory ID: RHSA-2018:2939-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2939\nIssue date: 2018-10-17\nCVE Names: CVE-2017-12617 CVE-2018-1260 CVE-2018-1270\n CVE-2018-1271 CVE-2018-1275 CVE-2018-1304\n CVE-2018-1305 CVE-2018-1336 CVE-2018-7489\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Fuse Integration Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Fuse Integration Services provides a set of tools and containerized\nxPaaS images that enable development, deployment, and management of\nintegration microservices within OpenShift. \n\nSecurity fix(es):\n\n* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe\nserialization via c3p0 libraries (CVE-2018-7489)\n\n* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)\n\n* spring-framework: Directory traversal vulnerability with static resources\non Windows filesystems (CVE-2018-1271)\n\n* spring-framework: Possible RCE via spring messaging (CVE-2018-1270)\n\n* spring-security-oauth: remote code execution in the authorization process\n(CVE-2018-1260)\n\n* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)\n\n* tomcat: Incorrect handling of empty string URL in security constraints\ncan lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource\nexposure for unauthorised users (CVE-2018-1305)\n\n* tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nUpdating instructions and release notes may be found at:\n\nhttps://access.redhat.com/articles/3060411\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615\n1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users\n1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources\n1549276 - CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries\n1564405 - CVE-2018-1270 spring-framework: Possible RCE via spring messaging\n1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270\n1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems\n1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process\n1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-12617\nhttps://access.redhat.com/security/cve/CVE-2018-1260\nhttps://access.redhat.com/security/cve/CVE-2018-1270\nhttps://access.redhat.com/security/cve/CVE-2018-1271\nhttps://access.redhat.com/security/cve/CVE-2018-1275\nhttps://access.redhat.com/security/cve/CVE-2018-1304\nhttps://access.redhat.com/security/cve/CVE-2018-1305\nhttps://access.redhat.com/security/cve/CVE-2018-1336\nhttps://access.redhat.com/security/cve/CVE-2018-7489\nhttps://access.redhat.com/security/updates/classification/#critical\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW8eNhdzjgjWX9erEAQgCYw//fxaqJeQ2VPWVSwfYTALj1Lvjrx0bTnip\nT8MKlgYC4PSKZcOmchvC3f01kNljr1CEJaUQWQi1A+is141gjHgV2nFMSGTUBwBK\nyGSPLD0oLDJWc/7y7qWMxrotEWjROKIQ72AXwjOtcEeSe9vzSmWotexKR0JYUdgw\n8GAMlBhyiQagOncOP3JkWnUkTdNryhY9f5tfX7xfXcDDoxjq4rAVqLrCrWZvr4ec\nP89vACj8PonE+U5DvFrWWH9nKxGcdvnm0ouib/XFB8GJ/jHhRgBsk/CFpDoEEng5\nrzFmbt7fm1OKfgFhRCyrxsVQVUbk0d1ATs+Lpu7Ty3fGysW2bN860Hi+20RSWyow\nybjLNU9xSHUG9623XTyyVYgRIox991zpHCHsDWwjsV1NxfjdYlJfHGtuHKNeVQzf\nh71cHuC7o7VhxZFhMFHjp+O71Ow5N6HcrZAtmKrihfhHRVFugXkvFGRl55gqb4rr\nY6/dX/H1abVCNGA5kziXQnO0ce/dAdUZ2mb8XRs3UVgt0MIVD1zisE9d52fsRkr/\nNygTi1xn4Pmodoth3C209aA4Iaycixmx4F8HoXSTPNUCYrr0FIjBpDJX35TeTcxg\n/RU/vyHwdAwz/5aJgFDFxILd4z8a9bIpYGMglMU1rB5y/ovuBB4qUU/o4y8aVYzh\nbunfRFjDlIY=l0NF\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1270"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003097"
},
{
"db": "BID",
"id": "103696"
},
{
"db": "VULHUB",
"id": "VHN-122685"
},
{
"db": "VULMON",
"id": "CVE-2018-1270"
},
{
"db": "PACKETSTORM",
"id": "149847"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1270",
"trust": 3.0
},
{
"db": "BID",
"id": "103696",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "44796",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003097",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0544",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1395",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201804-245",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "147974",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-97214",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-122685",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1270",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149847",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122685"
},
{
"db": "VULMON",
"id": "CVE-2018-1270"
},
{
"db": "BID",
"id": "103696"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003097"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "NVD",
"id": "CVE-2018-1270"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-245"
}
]
},
"id": "VAR-201804-1676",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122685"
}
],
"trust": 0.01
},
"last_update_date": "2024-01-03T12:23:41.657000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-1270: Remote Code Execution with spring-messaging",
"trust": 0.8,
"url": "https://pivotal.io/security/cve-2018-1270"
},
{
"title": "Pivotal Spring Framework Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83088"
},
{
"title": "Red Hat: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182939 - security advisory"
},
{
"title": "Debian CVElist Bug Report Logs: libspring-java: CVE-2018-1270 CVE-2018-1272",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cf592ea3b0a1913a29c923afe44cd4b7"
},
{
"title": "Red Hat: CVE-2018-1270",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-1270"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "CVE-2018-1270",
"trust": 0.1,
"url": "https://github.com/venscor/cve-2018-1270 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1270"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003097"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-245"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.0
},
{
"problemtype": "CWE-358",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122685"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003097"
},
{
"db": "NVD",
"id": "CVE-2018-1270"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/103696"
},
{
"trust": 2.0,
"url": "https://pivotal.io/security/cve-2018-1270"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2939"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/44796/"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1270"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1270"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75922"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1395"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-1270"
},
{
"trust": 0.3,
"url": "http://pivotal.io/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564405"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1260"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-7489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7489"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3060411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1275"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122685"
},
{
"db": "BID",
"id": "103696"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003097"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "NVD",
"id": "CVE-2018-1270"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-245"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122685"
},
{
"db": "VULMON",
"id": "CVE-2018-1270"
},
{
"db": "BID",
"id": "103696"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003097"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "NVD",
"id": "CVE-2018-1270"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-245"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-122685"
},
{
"date": "2018-04-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1270"
},
{
"date": "2018-04-05T00:00:00",
"db": "BID",
"id": "103696"
},
{
"date": "2018-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003097"
},
{
"date": "2018-10-18T03:51:21",
"db": "PACKETSTORM",
"id": "149847"
},
{
"date": "2018-04-06T13:29:00.453000",
"db": "NVD",
"id": "CVE-2018-1270"
},
{
"date": "2018-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-245"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-31T00:00:00",
"db": "VULHUB",
"id": "VHN-122685"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1270"
},
{
"date": "2018-04-05T00:00:00",
"db": "BID",
"id": "103696"
},
{
"date": "2018-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003097"
},
{
"date": "2023-11-07T02:55:54.230000",
"db": "NVD",
"id": "CVE-2018-1270"
},
{
"date": "2021-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-245"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-245"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework Vulnerabilities related to security checks",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003097"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-245"
}
],
"trust": 0.6
}
}
var-201704-1589
Vulnerability from variot
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Apache Log4j Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Apache Log4j is a Java-based open source logging tool developed by the Apache Software Foundation. A code issue vulnerability exists in Apache Log4j 2.x versions prior to 2.8.2. An attacker could exploit this vulnerability to execute arbitrary code. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. (CVE-2017-5645)
-
A vulnerability was discovered in tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)
-
A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)
-
A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)
-
Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):
1441205 - CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used 1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object 1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
- JIRA issues fixed (https://issues.jboss.org/):
JWS-657 - tomcat-native installs RHEL apr in addition to jbcs-httpd24-httpd-libs JWS-667 - Subject incorrectly removed from user session JWS-695 - tomcat7_t and tomcat8_t domains are in unconfined_domain JWS-709 - RPM missing selinux-policy dependency JWS-716 - Backport 60087 for Tomcat 8 JWS-717 - RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites JWS-721 - CORS filter Vary header missing JWS-725 - /usr/share/tomcat7 needs world execute permissions to function on openshift v2 JWS-741 - Configurations in conf.d are not applied JWS-760 - [ASF BZ 59961] Provide an option to enable/disable processing of Class-Path entry in a jar's manifest file
- (CVE-2017-7525)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.
The References section of this erratum contains a download link (you must log in to download the update). Description:
The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). (CVE-2017-5645)
-
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)
-
It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information. (CVE-2015-6644)
-
It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. (CVE-2017-2582)
-
It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). JIRA issues fixed (https://issues.jboss.org/):
JBEAP-11487 - jboss-ec2-eap for EAP 7.0.8
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-java-common-log4j security update Advisory ID: RHSA-2017:1417-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:1417 Issue date: 2017-06-08 CVE Names: CVE-2017-5645 =====================================================================
- Summary:
An update for rh-java-common-log4j is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch
- Description:
Log4j is a tool to help the programmer output log statements to a variety of output targets. (CVE-2017-5645)
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-java-common-log4j-1.2.17-15.15.el6.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-java-common-log4j-1.2.17-15.15.el6.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-java-common-log4j-1.2.17-15.15.el6.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-java-common-log4j-1.2.17-15.15.el7.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: rh-java-common-log4j-1.2.17-15.15.el7.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-java-common-log4j-1.2.17-15.15.el7.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-5645 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZOQMQXlSAg2UNWIIRAgwvAJ9zqVY6yvhkuO8Uqdtyu86+9P1VIgCgtBhf ceYEsokMPo3LCY/99DiysrI= =wZ5c -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1589",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.7"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications converged application server - service controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "in-memory performance-driven planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.7"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "enterprise manager for peoplesoft",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.1.1"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.0"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.10"
},
{
"model": "retail advanced inventory planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.8"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4"
},
{
"model": "communications webrtc session controller",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.7"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "communications interactive session recorder",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.1.0"
},
{
"model": "communications messaging server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.3.0.0"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "soa suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "in-memory performance-driven planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.7"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.6"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.8131"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications online mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "instantis enterprisetrack",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "fusion middleware mapviewer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.2"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.7"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "identity management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.3.0"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1.1"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "tape library acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "enterprise manager for oracle database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.8"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"model": "communications network integrity",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "financial services behavior detection platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise manager for peoplesoft",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1.1.1"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.1"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7.0.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.6"
},
{
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.9"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "instantis enterprisetrack",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0.0"
},
{
"model": "autovue vuelink integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.1"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"model": "configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0.5"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise manager for oracle database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.2"
},
{
"model": "identity management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"model": "retail advanced inventory planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.3.0"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.7.4297"
},
{
"model": "financial services lending and leasing",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "14.8.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "identity manager connector",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "storage automation store",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"model": "financial services behavior detection platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4.0.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "soa suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.8.2"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.9"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "enterprise manager for mysql database",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.2.0.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.11"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.7"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "peoplesoft enterprise fin install",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "financial services lending and leasing",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.0"
},
{
"model": "oncommand api services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise data quality",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "soa suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "identity analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.5.8"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "autovue vuelink integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0"
},
{
"model": "financial services profitability management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7.0.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.0.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"model": "communications service broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "timesten in-memory database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.2.8.49"
},
{
"model": "fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.9.1.2.12"
},
{
"model": "retail clearance optimization engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.5"
},
{
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.0.0"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.10"
},
{
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0.2"
},
{
"model": "utilities advanced spatial and operational analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0.1"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.8"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.1"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "communications interactive session recorder",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.9"
},
{
"model": "financial services profitability management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0.0"
},
{
"model": "financial services regulatory reporting with agilereporter",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9.2.0"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.3.0.2"
},
{
"model": "goldengate",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1.1"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.4.5235"
},
{
"model": "communications network integrity",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "fusion middleware mapviewer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3"
},
{
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"model": "log4j",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "2.8.2"
},
{
"model": "log4j",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "2.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.2",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:identity_analytics:11.1.1.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:18.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:18.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:12.1.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.2.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:soa_suite:12.2.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:bi_publisher:11.1.1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:identity_management_suite:11.1.2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_work_and_asset_management:1.9.1.2.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:10.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.0.8131",
"versionStartIncluding": "8.0.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.4.5235",
"versionStartIncluding": "4.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.7.4297",
"versionStartIncluding": "3.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7.0.0",
"versionStartIncluding": "8.0.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.4.0.0",
"versionStartIncluding": "8.0.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7.0.0",
"versionStartIncluding": "8.0.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.3.0.2",
"versionStartIncluding": "7.3.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.3",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.2.11",
"versionStartIncluding": "16.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.8.0",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.6",
"versionStartIncluding": "7.3.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.7",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate:12.3.2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "143499"
},
{
"db": "PACKETSTORM",
"id": "144014"
},
{
"db": "PACKETSTORM",
"id": "144019"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "143500"
},
{
"db": "PACKETSTORM",
"id": "144017"
},
{
"db": "PACKETSTORM",
"id": "144359"
},
{
"db": "PACKETSTORM",
"id": "142856"
}
],
"trust": 0.8
},
"cve": "CVE-2017-5645",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5645",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-113848",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5645",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5645",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-113848",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Apache Log4j Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Apache Log4j is a Java-based open source logging tool developed by the Apache Software Foundation. A code issue vulnerability exists in Apache Log4j 2.x versions prior to 2.8.2. An attacker could exploit this vulnerability to execute arbitrary code. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a\nreplacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which\nare documented in the Release Notes document linked to in the References. (CVE-2017-5645)\n\n* A vulnerability was discovered in tomcat\u0027s handling of pipelined requests\nwhen \"Sendfile\" was used. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. (CVE-2017-5664)\n\n* A vulnerability was discovered in tomcat. When running an untrusted\napplication under a SecurityManager it was possible, under some\ncircumstances, for that application to retain references to the request or\nresponse objects and thereby access and/or modify information associated\nwith another web application. (CVE-2017-5648)\n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):\n\n1441205 - CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used\n1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-657 - tomcat-native installs RHEL apr in addition to jbcs-httpd24-httpd-libs\nJWS-667 - Subject incorrectly removed from user session\nJWS-695 - tomcat7_t and tomcat8_t domains are in unconfined_domain\nJWS-709 - RPM missing selinux-policy dependency\nJWS-716 - Backport 60087 for Tomcat 8\nJWS-717 - RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites\nJWS-721 - CORS filter Vary header missing\nJWS-725 - /usr/share/tomcat7 needs world execute permissions to function on openshift v2\nJWS-741 - Configurations in conf.d are not applied\nJWS-760 - [ASF BZ 59961] Provide an option to enable/disable processing of Class-Path entry in a jar\u0027s manifest file\n\n7. \n(CVE-2017-7525)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting\nCVE-2017-7525. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Description:\n\nThe eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss\nEnterprise Application Platform running on the Amazon Web Services (AWS)\nElastic Compute Cloud (EC2). (CVE-2017-5645)\n\n* A vulnerability was found in Jasypt that would allow an attacker to\nperform a timing attack on password hash comparison. (CVE-2014-9970)\n\n* It was found that an information disclosure flaw in Bouncy Castle could\nenable a local malicious application to gain access to user\u0027s private\ninformation. (CVE-2015-6644)\n\n* It was found that while parsing the SAML messages the StaxParserUtil\nclass of Picketlink replaces special strings for obtaining attribute values\nwith system property. This could allow an attacker to determine values of\nsystem properties at the attacked system by formatting the SAML request ID\nfield to be the chosen system property which could be obtained in the\n\"InResponseTo\" field in the response. (CVE-2017-2582)\n\n* It was found that when the security manager\u0027s reflective permissions,\nwhich allows it to access the private members of the class, are granted to\nHibernate Validator, a potential privilege escalation can occur. By\nallowing the calling code to access those private members without the\npermission an attacker may be able to validate an invalid instance and\naccess the private member value via ConstraintViolation#getInvalidValue(). JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-11487 - jboss-ec2-eap for EAP 7.0.8\n\n7. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-java-common-log4j security update\nAdvisory ID: RHSA-2017:1417-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:1417\nIssue date: 2017-06-08\nCVE Names: CVE-2017-5645 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-java-common-log4j is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nLog4j is a tool to help the programmer output log statements to a variety\nof output targets. (CVE-2017-5645)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el6.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el6.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el6.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el7.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el7.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el7.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-5645\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZOQMQXlSAg2UNWIIRAgwvAJ9zqVY6yvhkuO8Uqdtyu86+9P1VIgCgtBhf\nceYEsokMPo3LCY/99DiysrI=\n=wZ5c\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "PACKETSTORM",
"id": "143499"
},
{
"db": "PACKETSTORM",
"id": "144014"
},
{
"db": "PACKETSTORM",
"id": "144019"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "143500"
},
{
"db": "PACKETSTORM",
"id": "144017"
},
{
"db": "PACKETSTORM",
"id": "144359"
},
{
"db": "PACKETSTORM",
"id": "142856"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5645",
"trust": 2.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/12/19/2",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1041294",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1040200",
"trust": 1.1
},
{
"db": "BID",
"id": "97702",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "143500",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144014",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144013",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144017",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143499",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144019",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142856",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "145263",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144018",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143670",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144597",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144596",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145262",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201704-852",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-92965",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-113848",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144359",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "PACKETSTORM",
"id": "143499"
},
{
"db": "PACKETSTORM",
"id": "144014"
},
{
"db": "PACKETSTORM",
"id": "144019"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "143500"
},
{
"db": "PACKETSTORM",
"id": "144017"
},
{
"db": "PACKETSTORM",
"id": "144359"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"id": "VAR-201704-1589",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:55:11.835000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LOG4J2-1863",
"trust": 0.8,
"url": "https://issues.apache.org/jira/browse/log4j2-1863"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5645"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:1417"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:1801"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2633"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2635"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2636"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2638"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2811"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/97702"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.1,
"url": "https://issues.apache.org/jira/browse/log4j2-1863"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20181107-0002/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2019/12/19/2"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:1802"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2423"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2637"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2808"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2809"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2810"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2888"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2889"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3244"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3399"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3400"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:1545"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1040200"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1041294"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3cdev.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3cannounce.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3cdev.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3cdev.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3cissues.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3ccommits.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3ccommits.doris.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3cdev.tika.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5645"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2017-5645"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2017-5664"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2017-7525"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7525"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform?version=6.4/"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-5647"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5648"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-5648"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3cannounce.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287@%3cissues.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422@%3ccommits.doris.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d@%3ccommits.logging.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3cdev.logging.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3cdev.logging.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3cdev.logging.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.1_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=3.1"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2017-1802.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/2435491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-6644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7536"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9970"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-9970"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2582"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-2582"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "PACKETSTORM",
"id": "143499"
},
{
"db": "PACKETSTORM",
"id": "144014"
},
{
"db": "PACKETSTORM",
"id": "144019"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "143500"
},
{
"db": "PACKETSTORM",
"id": "144017"
},
{
"db": "PACKETSTORM",
"id": "144359"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "PACKETSTORM",
"id": "143499"
},
{
"db": "PACKETSTORM",
"id": "144014"
},
{
"db": "PACKETSTORM",
"id": "144019"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "143500"
},
{
"db": "PACKETSTORM",
"id": "144017"
},
{
"db": "PACKETSTORM",
"id": "144359"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-113848"
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"date": "2017-07-25T23:14:47",
"db": "PACKETSTORM",
"id": "143499"
},
{
"date": "2017-09-05T23:44:00",
"db": "PACKETSTORM",
"id": "144014"
},
{
"date": "2017-09-06T04:16:42",
"db": "PACKETSTORM",
"id": "144019"
},
{
"date": "2017-09-05T23:23:00",
"db": "PACKETSTORM",
"id": "144013"
},
{
"date": "2017-07-25T23:15:33",
"db": "PACKETSTORM",
"id": "143500"
},
{
"date": "2017-09-06T04:16:30",
"db": "PACKETSTORM",
"id": "144017"
},
{
"date": "2017-09-27T06:16:15",
"db": "PACKETSTORM",
"id": "144359"
},
{
"date": "2017-06-08T14:39:46",
"db": "PACKETSTORM",
"id": "142856"
},
{
"date": "2017-04-17T21:59:00.373000",
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-113848"
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"date": "2023-11-07T02:49:28.583000",
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "144014"
},
{
"db": "PACKETSTORM",
"id": "144019"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "144017"
},
{
"db": "PACKETSTORM",
"id": "142856"
}
],
"trust": 0.5
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Log4j Vulnerable to unreliable data deserialization",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "144014"
},
{
"db": "PACKETSTORM",
"id": "144019"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "144017"
},
{
"db": "PACKETSTORM",
"id": "142856"
}
],
"trust": 0.5
}
}
var-202009-1633
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. FasterXML jackson-databind 2.0 series prior to 2.9.10.6 has a security vulnerability, which originates from com.pastdev.httpcomponents.configuration.JndiConfiguration. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:4173-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:4173 Issue date: 2020-10-05 CVE Names: CVE-2020-24750 ==================================================================== 1. Summary:
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch
- Description:
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
Security Fix(es):
- jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX3s4DtzjgjWX9erEAQhtzQ/+KJm3W2dfbUqCVcdtymA4f4UfDt0LFXTP T5AuDJQk5evqIQWpnV/bgbpnIhkGLFVW6AWAQK0pnT5Zl4HK33+sNOTRHKpey0PR j3C43AuFL68XeWVKX8iJdAo42s/a3K4QjEgofXiXfDipPxg356zb8lm4RiXlx9db LMgXAL0uKDzv+4HYcEmOY7A+8rDB4GwLLDmj2J6ZyahNLOECJbO7CdPVEUeT/cFN 32vYBoxmLw1CahI5RcpiebibLA2SRss84iG+/NceptBTfqQzcHVipBHzryOUNsVz PHCcgDAi0KiNR8ugj142CBcVmW6nu3WCipqxjQ86cRx3r2yu5B3yTlAMxjaBxHIC usxO7BPuiK+6Cizw0Qd/DaI0e2YkEvGJ6OwDxEB27j3id9IB9Q1n6qucZH8vahAi gJv/W+Ij1Ff1OaNVZIfXLFAnloVZAy6jBXvwzZNJWOkbHPRjbcz8JJWOt5v4AbsR DKKLs+EoxE+3GPJdTL1EAgA+rrEmbtXVHyuqamf89H5LD2yGjJF8IJkk1ei9b3FJ /hj8UXrfKYnfSM0Q/UnqQbTWXYjqhjJpkrTXTIFR2zZxnaYNOaH/lmMfBpvBEYBW K0I0Y47LoZnt2P+kaJnHWu+uuuETIkrThNZK+JH1qFzhjYfc2AGcB9r2SMAWEARI LOeqeMsgpVs=jbsa -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs.
Bug Fix(es):
-
Gather image registry config (backport to 4.3) (BZ#1836815)
-
Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176)
-
Login with OpenShift not working after cluster upgrade (BZ#1852429)
-
Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018)
-
[4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110)
-
[release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64
The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le
The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc
- Bugs fixed (https://bugzilla.redhat.com/):
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1836815 - Gather image registry config (backport to 4.3) 1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist 1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator 1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized 1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHEA-2020:5633
All OpenShift Container Platform users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-1633",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucosminexus application server",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "siebel ui framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.6"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "banking liquidity management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.5"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking liquidity management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "siebel core - server framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.5"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "identity manager connector",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.5.0"
},
{
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking liquidity management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "blockchain platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
},
{
"model": "ucosminexus application server-r",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "agile product lifecycle management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications calendar server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications contacts server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications diameter signaling router",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011430"
},
{
"db": "NVD",
"id": "CVE-2020-24750"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.6",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24750"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159466"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1066"
}
],
"trust": 1.1
},
"cve": "CVE-2020-24750",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-24750",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-178660",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-24750",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-24750",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1066",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-178660",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-24750",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178660"
},
{
"db": "VULMON",
"id": "CVE-2020-24750"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011430"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1066"
},
{
"db": "NVD",
"id": "CVE-2020-24750"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. FasterXML jackson-databind 2.0 series prior to 2.9.10.6 has a security vulnerability, which originates from com.pastdev.httpcomponents.configuration.JndiConfiguration. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:4173-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4173\nIssue date: 2020-10-05\nCVE Names: CVE-2020-24750\n====================================================================\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. \n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\ncom.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3s4DtzjgjWX9erEAQhtzQ/+KJm3W2dfbUqCVcdtymA4f4UfDt0LFXTP\nT5AuDJQk5evqIQWpnV/bgbpnIhkGLFVW6AWAQK0pnT5Zl4HK33+sNOTRHKpey0PR\nj3C43AuFL68XeWVKX8iJdAo42s/a3K4QjEgofXiXfDipPxg356zb8lm4RiXlx9db\nLMgXAL0uKDzv+4HYcEmOY7A+8rDB4GwLLDmj2J6ZyahNLOECJbO7CdPVEUeT/cFN\n32vYBoxmLw1CahI5RcpiebibLA2SRss84iG+/NceptBTfqQzcHVipBHzryOUNsVz\nPHCcgDAi0KiNR8ugj142CBcVmW6nu3WCipqxjQ86cRx3r2yu5B3yTlAMxjaBxHIC\nusxO7BPuiK+6Cizw0Qd/DaI0e2YkEvGJ6OwDxEB27j3id9IB9Q1n6qucZH8vahAi\ngJv/W+Ij1Ff1OaNVZIfXLFAnloVZAy6jBXvwzZNJWOkbHPRjbcz8JJWOt5v4AbsR\nDKKLs+EoxE+3GPJdTL1EAgA+rrEmbtXVHyuqamf89H5LD2yGjJF8IJkk1ei9b3FJ\n/hj8UXrfKYnfSM0Q/UnqQbTWXYjqhjJpkrTXTIFR2zZxnaYNOaH/lmMfBpvBEYBW\nK0I0Y47LoZnt2P+kaJnHWu+uuuETIkrThNZK+JH1qFzhjYfc2AGcB9r2SMAWEARI\nLOeqeMsgpVs=jbsa\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \n\nBug Fix(es):\n\n* Gather image registry config (backport to 4.3) (BZ#1836815)\n\n* Builds fail after running postCommit script if OCP cluster is configured\nwith a container registry whitelist (BZ#1849176)\n\n* Login with OpenShift not working after cluster upgrade (BZ#1852429)\n\n* Limit the size of gathered federated metrics from alerts in Insights\nOperator (BZ#1874018)\n\n* [4.3] Storage operator stops reconciling when going Upgradeable=False on\nv1alpha1 CRDs (BZ#1879110)\n\n* [release 4.3] OpenShift APIs become unavailable for more than 15 minutes\nafter one of master nodes went down(OAuth) (BZ#1880293)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-x86_64\n\nThe image digest is\nsha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-s390x\nThe image digest is\nsha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le\n\nThe image digest is\nsha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1836815 - Gather image registry config (backport to 4.3)\n1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist\n1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator\n1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized\n1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHEA-2020:5633\n\nAll OpenShift Container Platform users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1823765 - nfd-workers crash under an ipv6 environment\n1838802 - mysql8 connector from operatorhub does not work with metering operator\n1838845 - Metering operator can\u0027t connect to postgres DB from Operator Hub\n1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1868294 - NFD operator does not allow customisation of nfd-worker.conf\n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n1890672 - NFD is missing a build flag to build correctly\n1890741 - path to the CA trust bundle ConfigMap is broken in report operator\n1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster\n1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel\n1900125 - FIPS error while generating RSA private key for CA\n1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub\n1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub\n1913837 - The CI and ART 4.7 metering images are not mirrored\n1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le\n1916010 - olm skip range is set to the wrong range\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923998 - NFD Operator is failing to update and remains in Replacing state\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24750"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011430"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-178660"
},
{
"db": "VULMON",
"id": "CVE-2020-24750"
},
{
"db": "PACKETSTORM",
"id": "159466"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "PACKETSTORM",
"id": "161536"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24750",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159466",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011430",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3631",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0691",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3449",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0616",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072820",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042534",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041931",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012315",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072725",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042318",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021426",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1066",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-178660",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-24750",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159661",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161536",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178660"
},
{
"db": "VULMON",
"id": "CVE-2020-24750"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011430"
},
{
"db": "PACKETSTORM",
"id": "159466"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1066"
},
{
"db": "NVD",
"id": "CVE-2020-24750"
}
]
},
"id": "VAR-202009-1633",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-178660"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-19T22:54:37.042000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2021-109",
"trust": 0.8,
"url": "https://github.com/fasterxml/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"
},
{
"title": "FasterXML jackson-databind Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129712"
},
{
"title": "Red Hat: Important: rh-maven35-jackson-databind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204173 - security advisory"
},
{
"title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204264 - security advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
},
{
"title": "CVE-2020-24750",
"trust": 0.1,
"url": "https://github.com/al1ex/cve-2020-24750 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/pctf/vulnerable-app "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24750"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011430"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1066"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178660"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011430"
},
{
"db": "NVD",
"id": "CVE-2020-24750"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://github.com/fasterxml/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20201009-0003/"
},
{
"trust": 1.7,
"url": "https://github.com/fasterxml/jackson-databind/issues/2798"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-jackson-databind-shipped-with-ibm-cloud-pak-system-cve-2020-24750/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159466/red-hat-security-advisory-2020-4173-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072820"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021426"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041931"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012315"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042318"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-8/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042534"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0616"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3449/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0691"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072725"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3631/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17546"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4173"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12243"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2226"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2780"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20386"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14352"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2225"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2182"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11719"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.3/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5188"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2812"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhea-2020:5633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8624"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13225"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15157"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3884"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3898"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178660"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011430"
},
{
"db": "PACKETSTORM",
"id": "159466"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1066"
},
{
"db": "NVD",
"id": "CVE-2020-24750"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-178660"
},
{
"db": "VULMON",
"id": "CVE-2020-24750"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011430"
},
{
"db": "PACKETSTORM",
"id": "159466"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1066"
},
{
"db": "NVD",
"id": "CVE-2020-24750"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-17T00:00:00",
"db": "VULHUB",
"id": "VHN-178660"
},
{
"date": "2020-09-17T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24750"
},
{
"date": "2021-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011430"
},
{
"date": "2020-10-05T17:20:49",
"db": "PACKETSTORM",
"id": "159466"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2020-10-21T15:40:32",
"db": "PACKETSTORM",
"id": "159661"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-02-25T15:26:54",
"db": "PACKETSTORM",
"id": "161536"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2020-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1066"
},
{
"date": "2020-09-17T19:15:13.580000",
"db": "NVD",
"id": "CVE-2020-24750"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-178660"
},
{
"date": "2023-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24750"
},
{
"date": "2021-04-02T05:20:00",
"db": "JVNDB",
"id": "JVNDB-2020-011430"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1066"
},
{
"date": "2023-09-13T14:56:17.593000",
"db": "NVD",
"id": "CVE-2020-24750"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1066"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011430"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202008-1215
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). FasterXML jackson-databind Exists in a code injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Versions earlier than 2.9.10.6 in the FasterXML jackson-databind 2.x series have security vulnerabilities. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-1215",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siebel ui framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.6"
},
{
"model": "banking liquidity management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "identity manager connector",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.5.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "banking liquidity management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking liquidity management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "blockchain platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "jackson-databind",
"scope": "eq",
"trust": 0.8,
"vendor": "fasterxml",
"version": "2.9.10.6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008259"
},
{
"db": "NVD",
"id": "CVE-2020-24616"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.6",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24616"
}
]
},
"cve": "CVE-2020-24616",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-008259",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-178512",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-24616",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-008259",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-24616",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-008259",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-1195",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-178512",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-24616",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178512"
},
{
"db": "VULMON",
"id": "CVE-2020-24616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008259"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1195"
},
{
"db": "NVD",
"id": "CVE-2020-24616"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). FasterXML jackson-databind Exists in a code injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Versions earlier than 2.9.10.6 in the FasterXML jackson-databind 2.x series have security vulnerabilities. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008259"
},
{
"db": "VULHUB",
"id": "VHN-178512"
},
{
"db": "VULMON",
"id": "CVE-2020-24616"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24616",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008259",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1195",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3558",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-48577",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-178512",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-24616",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178512"
},
{
"db": "VULMON",
"id": "CVE-2020-24616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008259"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1195"
},
{
"db": "NVD",
"id": "CVE-2020-24616"
}
]
},
"id": "VAR-202008-1215",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-178512"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-20T01:12:46.882000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Update Jackson-databind to 2.9.10.6 #902",
"trust": 0.8,
"url": "https://github.com/cryptonomic/conseil/issues/902"
},
{
"title": "FasterXML jackson-databind Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=127486"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
},
{
"title": "cve-2020-24616-poc",
"trust": 0.1,
"url": "https://github.com/kamimuka/cve-2020-24616-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008259"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1195"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "CWE-94",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178512"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008259"
},
{
"db": "NVD",
"id": "CVE-2020-24616"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
},
{
"trust": 1.7,
"url": "https://github.com/fasterxml/jackson-databind/issues/2814"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24616"
},
{
"trust": 1.0,
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-24616"
},
{
"trust": 0.7,
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3558/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerability-cve-2020-24616-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to-v4-0/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-br-com-anteros-anteros-dbc-33951"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-fasterxml-jackson-databind-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178512"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008259"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1195"
},
{
"db": "NVD",
"id": "CVE-2020-24616"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-178512"
},
{
"db": "VULMON",
"id": "CVE-2020-24616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008259"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1195"
},
{
"db": "NVD",
"id": "CVE-2020-24616"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-25T00:00:00",
"db": "VULHUB",
"id": "VHN-178512"
},
{
"date": "2020-08-25T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24616"
},
{
"date": "2020-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008259"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1195"
},
{
"date": "2020-08-25T18:15:11.133000",
"db": "NVD",
"id": "CVE-2020-24616"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-178512"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24616"
},
{
"date": "2020-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008259"
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1195"
},
{
"date": "2023-11-07T03:20:08.953000",
"db": "NVD",
"id": "CVE-2020-24616"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1195"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind Code injection vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008259"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1195"
}
],
"trust": 0.6
}
}
var-201804-1673
Vulnerability from variot
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. NOTE: This issue is the result of an incomplete fix for the issue described in BID 103696 (Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability). Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: Red Hat OpenShift Application Runtimes security and bug fix update Advisory ID: RHSA-2018:1320-01 Product: Red Hat OpenShift Application Runtimes Advisory URL: https://access.redhat.com/errata/RHSA-2018:1320 Issue date: 2018-05-03 CVE Names: CVE-2018-1271 CVE-2018-1272 CVE-2018-1275 CVE-2018-1304 CVE-2018-1305 =====================================================================
- Summary:
An update is now available for Red Hat OpenShift Application Runtimes.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of RHOAR Spring Boot 1.5.12 serves as a replacement for RHOAR Spring Boot 1.5.10, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
-
spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)
-
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
-
tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
-
tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
-
spring-framework: Multipart content pollution (CVE-2018-1272)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users 1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources 1564408 - CVE-2018-1272 spring-framework: Multipart content pollution 1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems
- References:
https://access.redhat.com/security/cve/CVE-2018-1271 https://access.redhat.com/security/cve/CVE-2018-1272 https://access.redhat.com/security/cve/CVE-2018-1275 https://access.redhat.com/security/cve/CVE-2018-1304 https://access.redhat.com/security/cve/CVE-2018-1305 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.spring.boot&version=1.5.12 https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFa60G7XlSAg2UNWIIRApKzAKCZF1t3YH8mPwN6Q3TN9nAxp9mZHQCglRth c3tFEafC+xcftRfJKlS6jU4= =NRhi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1673",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tape library acsls",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "6.0.1"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10.1.1"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.3.2.1"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.3.1.1"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "communications performance intelligence center",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "big data discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "communications services gatekeeper",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.0.4.0"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "4.3.16"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0.3"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.5"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0"
},
{
"model": "communications converged application server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications diameter signaling router",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.0"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "4.3.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.4"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "4.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.8,
"vendor": "pivotal",
"version": "4.3.16"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0.5"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.1"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.4"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "5.0.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.15"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.14"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3"
},
{
"model": "soa suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "soa suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.3"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2.1.1"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.4"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.4"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "communications online mediation controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "communications converged application server service controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "communications converged application server service controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "-6.1"
},
{
"model": "communications converged application server service controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "-6.0"
},
{
"model": "big data discovery",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6"
},
{
"model": "spring framework",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0.5"
},
{
"model": "spring framework",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.16"
},
{
"model": "communications webrtc session controller",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
}
],
"sources": [
{
"db": "BID",
"id": "103771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "NVD",
"id": "CVE-2018-1275"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3.16",
"versionStartIncluding": "4.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.0.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1275"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "and 0c0c0f.,rwx, Christoph Dreis",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
],
"trust": 0.6
},
"cve": "CVE-2018-1275",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-1275",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-122740",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-1275",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-1275",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-563",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-122740",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-1275",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122740"
},
{
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "NVD",
"id": "CVE-2018-1275"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. \nNOTE: This issue is the result of an incomplete fix for the issue described in BID 103696 (Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability). Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: Red Hat OpenShift Application Runtimes security and bug fix update\nAdvisory ID: RHSA-2018:1320-01\nProduct: Red Hat OpenShift Application Runtimes\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:1320\nIssue date: 2018-05-03\nCVE Names: CVE-2018-1271 CVE-2018-1272 CVE-2018-1275 \n CVE-2018-1304 CVE-2018-1305 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat OpenShift Application Runtimes. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Openshift Application Runtimes provides an application platform\nthat reduces the complexity of developing and operating applications\n(monoliths and microservices) for OpenShift as a containerized platform. \n\nThis release of RHOAR Spring Boot 1.5.12 serves as a replacement for RHOAR\nSpring Boot 1.5.10, and includes bug fixes and enhancements. For further\ninformation, refer to the Release Notes linked to in the References\nsection. \n\nSecurity Fix(es):\n\n* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)\n\n* spring-framework: Directory traversal vulnerability with static resources\non Windows filesystems (CVE-2018-1271)\n\n* tomcat: Incorrect handling of empty string URL in security constraints\ncan lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource\nexposure for unauthorised users (CVE-2018-1305)\n\n* spring-framework: Multipart content pollution (CVE-2018-1272)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users\n1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources\n1564408 - CVE-2018-1272 spring-framework: Multipart content pollution\n1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270\n1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-1271\nhttps://access.redhat.com/security/cve/CVE-2018-1272\nhttps://access.redhat.com/security/cve/CVE-2018-1275\nhttps://access.redhat.com/security/cve/CVE-2018-1304\nhttps://access.redhat.com/security/cve/CVE-2018-1305\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.spring.boot\u0026version=1.5.12\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFa60G7XlSAg2UNWIIRApKzAKCZF1t3YH8mPwN6Q3TN9nAxp9mZHQCglRth\nc3tFEafC+xcftRfJKlS6jU4=\n=NRhi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1275"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "BID",
"id": "103771"
},
{
"db": "VULHUB",
"id": "VHN-122740"
},
{
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "PACKETSTORM",
"id": "147489"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1275",
"trust": 3.1
},
{
"db": "BID",
"id": "103771",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1041301",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122740",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149847",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147489",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122740"
},
{
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"db": "BID",
"id": "103771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "PACKETSTORM",
"id": "147489"
},
{
"db": "NVD",
"id": "CVE-2018-1275"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
]
},
"id": "VAR-201804-1673",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122740"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-25T23:13:07.482000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-1275: Address partial fix for CVE-2018-1270",
"trust": 0.8,
"url": "https://pivotal.io/security/cve-2018-1275"
},
{
"title": "Pivotal Spring Framework Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83325"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2019/01/18/new_oracle_bugs/"
},
{
"title": "Red Hat: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182939 - security advisory"
},
{
"title": "Red Hat: CVE-2018-1275",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-1275"
},
{
"title": "Debian CVElist Bug Report Logs: libspring-java: CVE-2018-1270 CVE-2018-1272",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cf592ea3b0a1913a29c923afe44cd4b7"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37"
},
{
"title": "PPPRASP\n0x00 Start\n0x01 \u57fa\u672c\u6f0f\u6d1e\u68c0\u6d4b\u7c7b\u578b ing\n0x02 CVE\u6f0f\u6d1e\u68c0\u6d4b",
"trust": 0.1,
"url": "https://github.com/whoopsunix/ppprasp "
},
{
"title": "https://github.com/bkhablenko/CVE-2017-8046",
"trust": 0.1,
"url": "https://github.com/bkhablenko/cve-2017-8046 "
},
{
"title": "gocarts(go-CERT-alerts-summarizer)\nAbstract\nMain features\nUsage\nFetch JPCERT\nFetch USCERT\nSearch mode\nOutput Mode\nLicense\nAuthor",
"trust": 0.1,
"url": "https://github.com/tomoyamachi/gocarts "
},
{
"title": "A2:2017 Broken Authentication\nA5:2017 Broken Access Control\nA3:2017 Sensitive Data Exposure\nA6:2017 Security Misconfiguration\nA9:2017 Using Components with Known Vulnerabilities\nA10:2017 Insufficient Logging \u0026 Monitoring",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.0
},
{
"problemtype": "CWE-358",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122740"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "NVD",
"id": "CVE-2018-1275"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/103771"
},
{
"trust": 2.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 2.1,
"url": "https://pivotal.io/security/cve-2018-1275"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:1320"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2939"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041301"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1275"
},
{
"trust": 0.9,
"url": "http://pivotal.io/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1275"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1305"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1271"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1275"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1305"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/whoopsunix/ppprasp"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1260"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-7489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7489"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1270"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3060411"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.spring.boot\u0026version=1.5.12"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1272"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122740"
},
{
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"db": "BID",
"id": "103771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "PACKETSTORM",
"id": "147489"
},
{
"db": "NVD",
"id": "CVE-2018-1275"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122740"
},
{
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"db": "BID",
"id": "103771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "PACKETSTORM",
"id": "147489"
},
{
"db": "NVD",
"id": "CVE-2018-1275"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-122740"
},
{
"date": "2018-04-11T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"date": "2018-04-13T00:00:00",
"db": "BID",
"id": "103771"
},
{
"date": "2018-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"date": "2018-10-18T03:51:21",
"db": "PACKETSTORM",
"id": "149847"
},
{
"date": "2018-05-04T01:11:44",
"db": "PACKETSTORM",
"id": "147489"
},
{
"date": "2018-04-11T13:29:00.353000",
"db": "NVD",
"id": "CVE-2018-1275"
},
{
"date": "2018-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-15T00:00:00",
"db": "VULHUB",
"id": "VHN-122740"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"date": "2019-07-17T07:00:00",
"db": "BID",
"id": "103771"
},
{
"date": "2018-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"date": "2023-11-07T02:55:54.387000",
"db": "NVD",
"id": "CVE-2018-1275"
},
{
"date": "2021-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework Vulnerabilities related to security checks",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
],
"trust": 0.6
}
}
var-202001-1870
Vulnerability from variot
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. Spring Framework Contains a vulnerability in the integrity verification of downloaded code.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. A cross-site scripting vulnerability exists in Pivotal Software Spring Framework 5.2.x prior to 5.2.3, 5.1.x prior to 5.1.13, and 5.0.x prior to 5.0.16. A remote attacker could exploit this vulnerability to obtain sensitive information by conducting a Reflected File Download (RFD) attack. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Fuse 7.8.0 release and security update Advisory ID: RHSA-2020:5568-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2020:5568 Issue date: 2020-12-16 CVE Names: CVE-2018-1000873 CVE-2019-0205 CVE-2019-0210 CVE-2019-2692 CVE-2019-3773 CVE-2019-3774 CVE-2019-10202 CVE-2019-10219 CVE-2019-11777 CVE-2019-12406 CVE-2019-12423 CVE-2019-13990 CVE-2019-14900 CVE-2019-17566 CVE-2019-17638 CVE-2019-19343 CVE-2020-1714 CVE-2020-1719 CVE-2020-1950 CVE-2020-1960 CVE-2020-5398 CVE-2020-7226 CVE-2020-9488 CVE-2020-9489 CVE-2020-10683 CVE-2020-10740 CVE-2020-11612 CVE-2020-11971 CVE-2020-11972 CVE-2020-11973 CVE-2020-11980 CVE-2020-11989 CVE-2020-11994 CVE-2020-13692 CVE-2020-13933 CVE-2020-14326 ==================================================================== 1. Summary:
A minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
This release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse 7.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
libquartz: XXE attacks via job description (CVE-2019-13990)
-
jetty: double release of resource can lead to information disclosure (CVE-2019-17638)
-
keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714)
-
springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application (CVE-2020-5398)
-
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
-
camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution (CVE-2020-11972)
-
camel: Netty enables Java deserialization by default which could leed to remote code execution (CVE-2020-11973)
-
shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass (CVE-2020-11989)
-
camel: server-side template injection and arbitrary file disclosure on templating components (CVE-2020-11994)
-
postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)
-
shiro: specially crafted HTTP request may cause an authentication bypass (CVE-2020-13933)
-
RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326)
-
jackson-modules-java8: DoS due to an Improper Input Validation (CVE-2018-1000873)
-
thrift: Endless loop when feed with specific input data (CVE-2019-0205)
-
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)
-
mysql-connector-java: privilege escalation in MySQL connector (CVE-2019-2692)
-
spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3773)
-
spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3774)
-
codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202)
-
hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
-
org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library (CVE-2019-11777)
-
cxf: does not restrict the number of message attachments (CVE-2019-12406)
-
cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)
-
hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
-
batik: SSRF via "xlink:href" (CVE-2019-17566)
-
Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely (CVE-2019-19343)
-
Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
-
apache-flink: JMX information disclosure vulnerability (CVE-2020-1960)
-
cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)
-
tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers (CVE-2020-9489)
-
dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
-
netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
-
camel: DNS Rebinding in JMX Connector could result in remote command execution (CVE-2020-11971)
-
karaf: A remote client could create MBeans from arbitrary URLs (CVE-2020-11980)
-
tika: excessive memory usage in PSDParser (CVE-2020-1950)
-
log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/
- Bugs fixed (https://bugzilla.redhat.com/):
1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector 1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution 1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application 1801149 - CVE-2019-13990 libquartz: XXE attacks via job description 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability 1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution 1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution 1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could leed to remote code execution 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers 1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass 1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs 1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML 1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components 1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS 1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure 1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass 1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library
- References:
https://access.redhat.com/security/cve/CVE-2018-1000873 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-2692 https://access.redhat.com/security/cve/CVE-2019-3773 https://access.redhat.com/security/cve/CVE-2019-3774 https://access.redhat.com/security/cve/CVE-2019-10202 https://access.redhat.com/security/cve/CVE-2019-10219 https://access.redhat.com/security/cve/CVE-2019-11777 https://access.redhat.com/security/cve/CVE-2019-12406 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-13990 https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2019-17566 https://access.redhat.com/security/cve/CVE-2019-17638 https://access.redhat.com/security/cve/CVE-2019-19343 https://access.redhat.com/security/cve/CVE-2020-1714 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1950 https://access.redhat.com/security/cve/CVE-2020-1960 https://access.redhat.com/security/cve/CVE-2020-5398 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-9489 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-11612 https://access.redhat.com/security/cve/CVE-2020-11971 https://access.redhat.com/security/cve/CVE-2020-11972 https://access.redhat.com/security/cve/CVE-2020-11973 https://access.redhat.com/security/cve/CVE-2020-11980 https://access.redhat.com/security/cve/CVE-2020-11989 https://access.redhat.com/security/cve/CVE-2020-11994 https://access.redhat.com/security/cve/CVE-2020-13692 https://access.redhat.com/security/cve/CVE-2020-13933 https://access.redhat.com/security/cve/CVE-2020-14326 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.8.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX9n5stzjgjWX9erEAQhLEA/+P1hIAPgSOz6uLDvvZvm73qyxbuISD92X kJ158V+IX64dMlCuUCfFFKiuRCsDzhCSi52P4m8q06OskS1QndEmjfSixER/pG8X YJKatVpbxbVE3V2U/wRRfrG/j18UhwNatS3VouvdKOXwQewWb0TaGwGJ9wdZLDMd 7owlOwqQ1dOh2AMS3NWAeNBSzQtfk0GUb61+V1WRdCBs/PII1roRJyZEGEBsIZtg z66CncAjMwL7zj/ZRYK7ogWL20HwMgCQ3oAHo1ENM5k6o7scqRArhMKPthdtF88y AwqPo8ocQCE5JB66tbUie6ze2sYPgBflWSJ0zEv3suyUbzLyO2d1utzyXn24ffYN 0F1gY0YFsLiNRZPfdtGx+cPB5dlBOnnJUOTXA1e87CXohPRKqWuqQaxChGQY8CiH ZiWg2U/NLuBgg7SkL1Vm9Fqfe06roAfDQLL4nnd8BcRkmhNWG7KL2ve2fRDbfqKT RH9x3XbHhD0cfvTFaEj0qVojsSCjVrE+SeJdluDY21kf0OxspVDMffQ0WD2cNVFh PgaQJt4ItTfkanw7cKs1GNH4WjMmpuAfe2lzR3JBLlkSvf7iqiPVIrIY+NAOHYG0 Mtx6d3mbwr91KjGg3lXOoM+tTFjOiCZMr/k7WIt3VllJpBP18cbAXeGtEmpMg+jA f8t2frnd7kM=jGVK -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1870",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications billing and revenue management elastic charging engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.1.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "data availability services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "communications billing and revenue management elastic charging engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.4"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.12"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "insurance calculation engine",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.0"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.16"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.1.0"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "retail point-of-service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.2.0"
},
{
"model": "siebel engineering - installer \\\u0026 deployment",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.2.3"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "financial services regulatory reporting with agilereporter",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9.2.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.5.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.3"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "insurance calculation engine",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.2.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.0"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.1.13"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.20"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.4"
},
{
"model": "retail bulk data integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "spring framework",
"scope": null,
"trust": 0.8,
"vendor": "pivotal",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001405"
},
{
"db": "NVD",
"id": "CVE-2020-5398"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.3",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.16",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.13",
"versionStartIncluding": "5.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.20",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.12",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\\u0026_deployment:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5398"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "160562"
}
],
"trust": 0.1
},
"cve": "CVE-2020-5398",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2020-5398",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-183523",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security@pivotal.io",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-5398",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5398",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security@pivotal.io",
"id": "CVE-2020-5398",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-839",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-183523",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-5398",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183523"
},
{
"db": "VULMON",
"id": "CVE-2020-5398"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001405"
},
{
"db": "NVD",
"id": "CVE-2020-5398"
},
{
"db": "NVD",
"id": "CVE-2020-5398"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-839"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a \"Content-Disposition\" header in the response where the filename attribute is derived from user supplied input. Spring Framework Contains a vulnerability in the integrity verification of downloaded code.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. A cross-site scripting vulnerability exists in Pivotal Software Spring Framework 5.2.x prior to 5.2.3, 5.1.x prior to 5.1.13, and 5.0.x prior to 5.0.16. A remote attacker could exploit this vulnerability to obtain sensitive information by conducting a Reflected File Download (RFD) attack. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat Fuse 7.8.0 release and security update\nAdvisory ID: RHSA-2020:5568-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5568\nIssue date: 2020-12-16\nCVE Names: CVE-2018-1000873 CVE-2019-0205 CVE-2019-0210\n CVE-2019-2692 CVE-2019-3773 CVE-2019-3774\n CVE-2019-10202 CVE-2019-10219 CVE-2019-11777\n CVE-2019-12406 CVE-2019-12423 CVE-2019-13990\n CVE-2019-14900 CVE-2019-17566 CVE-2019-17638\n CVE-2019-19343 CVE-2020-1714 CVE-2020-1719\n CVE-2020-1950 CVE-2020-1960 CVE-2020-5398\n CVE-2020-7226 CVE-2020-9488 CVE-2020-9489\n CVE-2020-10683 CVE-2020-10740 CVE-2020-11612\n CVE-2020-11971 CVE-2020-11972 CVE-2020-11973\n CVE-2020-11980 CVE-2020-11989 CVE-2020-11994\n CVE-2020-13692 CVE-2020-13933 CVE-2020-14326\n====================================================================\n1. Summary:\n\nA minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nThis release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse\n7.7, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* libquartz: XXE attacks via job description (CVE-2019-13990)\n\n* jetty: double release of resource can lead to information disclosure\n(CVE-2019-17638)\n\n* keycloak: Lack of checks in ObjectInputStream leading to Remote Code\nExecution (CVE-2020-1714)\n\n* springframework: RFD attack via Content-Disposition Header sourced from\nrequest input by Spring MVC or Spring WebFlux Application (CVE-2020-5398)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n(CVE-2020-10740)\n\n* camel: RabbitMQ enables Java deserialization by default which could leed\nto remote code execution (CVE-2020-11972)\n\n* camel: Netty enables Java deserialization by default which could leed to\nremote code execution (CVE-2020-11973)\n\n* shiro: spring dynamic controllers, a specially crafted request may cause\nan authentication bypass (CVE-2020-11989)\n\n* camel: server-side template injection and arbitrary file disclosure on\ntemplating components (CVE-2020-11994)\n\n* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML\n(CVE-2020-13692)\n\n* shiro: specially crafted HTTP request may cause an authentication bypass\n(CVE-2020-13933)\n\n* RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326)\n\n* jackson-modules-java8: DoS due to an Improper Input Validation\n(CVE-2018-1000873)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* mysql-connector-java: privilege escalation in MySQL connector\n(CVE-2019-2692)\n\n* spring-ws: XML External Entity Injection (XXE) when receiving XML data\nfrom untrusted sources (CVE-2019-3773)\n\n* spring-batch: XML External Entity Injection (XXE) when receiving XML data\nfrom untrusted sources (CVE-2019-3774)\n\n* codehaus: incomplete fix for unsafe deserialization in jackson-databind\nvulnerabilities (CVE-2019-10202)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT\nlibrary (CVE-2019-11777)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12423)\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Undertow: Memory Leak in Undertow HttpOpenListener due to holding\nremoting connections indefinitely (CVE-2019-19343)\n\n* Wildfly: EJBContext principal is not popped back after invoking another\nEJB using a different Security Domain (CVE-2020-1719)\n\n* apache-flink: JMX information disclosure vulnerability (CVE-2020-1960)\n\n* cryptacular: excessive memory allocation during a decode operation\n(CVE-2020-7226)\n\n* tika-core: Denial of Service Vulnerabilities in Some of Apache Tika\u0027s\nParsers (CVE-2020-9489)\n\n* dom4j: XML External Entity vulnerability in default SAX parser\n(CVE-2020-10683)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer\nallocation sizes (CVE-2020-11612)\n\n* camel: DNS Rebinding in JMX Connector could result in remote command\nexecution (CVE-2020-11971)\n\n* karaf: A remote client could create MBeans from arbitrary URLs\n(CVE-2020-11980)\n\n* tika: excessive memory usage in PSDParser (CVE-2020-1950)\n\n* log4j: improper validation of certificate with host mismatch in SMTP\nappender (CVE-2020-9488)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.8.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources\n1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector\n1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution\n1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities\n1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data\n1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId\n1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application\n1801149 - CVE-2019-13990 libquartz: XXE attacks via job description\n1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation\n1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability\n1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution\n1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution\n1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could leed to remote code execution\n1848617 - CVE-2019-17566 batik: SSRF via \"xlink:href\"\n1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika\u0027s Parsers\n1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass\n1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs\n1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML\n1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components\n1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS\n1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure\n1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass\n1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-1000873\nhttps://access.redhat.com/security/cve/CVE-2019-0205\nhttps://access.redhat.com/security/cve/CVE-2019-0210\nhttps://access.redhat.com/security/cve/CVE-2019-2692\nhttps://access.redhat.com/security/cve/CVE-2019-3773\nhttps://access.redhat.com/security/cve/CVE-2019-3774\nhttps://access.redhat.com/security/cve/CVE-2019-10202\nhttps://access.redhat.com/security/cve/CVE-2019-10219\nhttps://access.redhat.com/security/cve/CVE-2019-11777\nhttps://access.redhat.com/security/cve/CVE-2019-12406\nhttps://access.redhat.com/security/cve/CVE-2019-12423\nhttps://access.redhat.com/security/cve/CVE-2019-13990\nhttps://access.redhat.com/security/cve/CVE-2019-14900\nhttps://access.redhat.com/security/cve/CVE-2019-17566\nhttps://access.redhat.com/security/cve/CVE-2019-17638\nhttps://access.redhat.com/security/cve/CVE-2019-19343\nhttps://access.redhat.com/security/cve/CVE-2020-1714\nhttps://access.redhat.com/security/cve/CVE-2020-1719\nhttps://access.redhat.com/security/cve/CVE-2020-1950\nhttps://access.redhat.com/security/cve/CVE-2020-1960\nhttps://access.redhat.com/security/cve/CVE-2020-5398\nhttps://access.redhat.com/security/cve/CVE-2020-7226\nhttps://access.redhat.com/security/cve/CVE-2020-9488\nhttps://access.redhat.com/security/cve/CVE-2020-9489\nhttps://access.redhat.com/security/cve/CVE-2020-10683\nhttps://access.redhat.com/security/cve/CVE-2020-10740\nhttps://access.redhat.com/security/cve/CVE-2020-11612\nhttps://access.redhat.com/security/cve/CVE-2020-11971\nhttps://access.redhat.com/security/cve/CVE-2020-11972\nhttps://access.redhat.com/security/cve/CVE-2020-11973\nhttps://access.redhat.com/security/cve/CVE-2020-11980\nhttps://access.redhat.com/security/cve/CVE-2020-11989\nhttps://access.redhat.com/security/cve/CVE-2020-11994\nhttps://access.redhat.com/security/cve/CVE-2020-13692\nhttps://access.redhat.com/security/cve/CVE-2020-13933\nhttps://access.redhat.com/security/cve/CVE-2020-14326\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.8.0\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX9n5stzjgjWX9erEAQhLEA/+P1hIAPgSOz6uLDvvZvm73qyxbuISD92X\nkJ158V+IX64dMlCuUCfFFKiuRCsDzhCSi52P4m8q06OskS1QndEmjfSixER/pG8X\nYJKatVpbxbVE3V2U/wRRfrG/j18UhwNatS3VouvdKOXwQewWb0TaGwGJ9wdZLDMd\n7owlOwqQ1dOh2AMS3NWAeNBSzQtfk0GUb61+V1WRdCBs/PII1roRJyZEGEBsIZtg\nz66CncAjMwL7zj/ZRYK7ogWL20HwMgCQ3oAHo1ENM5k6o7scqRArhMKPthdtF88y\nAwqPo8ocQCE5JB66tbUie6ze2sYPgBflWSJ0zEv3suyUbzLyO2d1utzyXn24ffYN\n0F1gY0YFsLiNRZPfdtGx+cPB5dlBOnnJUOTXA1e87CXohPRKqWuqQaxChGQY8CiH\nZiWg2U/NLuBgg7SkL1Vm9Fqfe06roAfDQLL4nnd8BcRkmhNWG7KL2ve2fRDbfqKT\nRH9x3XbHhD0cfvTFaEj0qVojsSCjVrE+SeJdluDY21kf0OxspVDMffQ0WD2cNVFh\nPgaQJt4ItTfkanw7cKs1GNH4WjMmpuAfe2lzR3JBLlkSvf7iqiPVIrIY+NAOHYG0\nMtx6d3mbwr91KjGg3lXOoM+tTFjOiCZMr/k7WIt3VllJpBP18cbAXeGtEmpMg+jA\nf8t2frnd7kM=jGVK\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5398"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001405"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-183523"
},
{
"db": "VULMON",
"id": "CVE-2020-5398"
},
{
"db": "PACKETSTORM",
"id": "160562"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5398",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001405",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-839",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042844",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072772",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072132",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4464",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3485",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-183523",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-5398",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160562",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183523"
},
{
"db": "VULMON",
"id": "CVE-2020-5398"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001405"
},
{
"db": "PACKETSTORM",
"id": "160562"
},
{
"db": "NVD",
"id": "CVE-2020-5398"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-839"
}
]
},
"id": "VAR-202001-1870",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-183523"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-25T20:55:50.556000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-5398: RFD Attack via \u201cContent-Disposition\u201d Header Sourced from Request Input by Spring MVC or Spring WebFlux Application",
"trust": 0.8,
"url": "https://pivotal.io/security/cve-2020-5398"
},
{
"title": "Pivotal Software Spring Framework Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110175"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.8.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205568 - security advisory"
},
{
"title": "CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC",
"trust": 0.1,
"url": "https://github.com/motikan2010/cve-2020-5398 "
},
{
"title": "Wapiti - Web Vulnerability Scanner",
"trust": 0.1,
"url": "https://github.com/wapiti-scanner/wapiti "
},
{
"title": "SpringSecurity",
"trust": 0.1,
"url": "https://github.com/ax1sx/springsecurity "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/pctf/vulnerable-app "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5398"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001405"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-839"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-494",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183523"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001405"
},
{
"db": "NVD",
"id": "CVE-2020-5398"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://pivotal.io/security/cve-2020-5398"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210917-0006/"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5398"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf%40%3cissues.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad%40%3cissues.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b%40%3cissues.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3ccommits.ambari.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3cissues.ambari.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d%40%3cdev.rocketmq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163%40%3cissues.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682%40%3cissues.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3cissues.ambari.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6%40%3cdev.rocketmq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d%40%3cissues.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc%40%3cissues.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3cdev.ambari.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3cdev.ambari.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090%40%3cissues.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048%40%3cissues.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f%40%3cdev.geode.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160%40%3cdev.rocketmq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc%40%3cdev.geode.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3%40%3cdev.rocketmq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8%40%3ccommits.camel.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5398"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d@%3cdev.rocketmq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6@%3cdev.rocketmq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3@%3cdev.rocketmq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3ccommits.ambari.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3cdev.ambari.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3cdev.ambari.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3cissues.ambari.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3cissues.ambari.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8@%3ccommits.camel.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f@%3cdev.geode.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc@%3cdev.geode.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090@%3cissues.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d@%3cissues.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc@%3cissues.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b@%3cissues.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf@%3cissues.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682@%3cissues.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048@%3cissues.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163@%3cissues.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad@%3cissues.karaf.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160@%3cdev.rocketmq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072772"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4464/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072132"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/spring-framework-file-reading-via-content-disposition-reflected-file-download-31360"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042844"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3485/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11972"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2692"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11972"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11989"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11980"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1393"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000873"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13692"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0210"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10202"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13692"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10683"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11994"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5398"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13933"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10740"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17638"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17638"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2692"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11994"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5568"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3773"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0205"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11777"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183523"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001405"
},
{
"db": "PACKETSTORM",
"id": "160562"
},
{
"db": "NVD",
"id": "CVE-2020-5398"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-839"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-183523"
},
{
"db": "VULMON",
"id": "CVE-2020-5398"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001405"
},
{
"db": "PACKETSTORM",
"id": "160562"
},
{
"db": "NVD",
"id": "CVE-2020-5398"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-839"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-17T00:00:00",
"db": "VULHUB",
"id": "VHN-183523"
},
{
"date": "2020-01-17T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5398"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001405"
},
{
"date": "2020-12-16T18:17:52",
"db": "PACKETSTORM",
"id": "160562"
},
{
"date": "2020-01-17T00:15:12.103000",
"db": "NVD",
"id": "CVE-2020-5398"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2020-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-839"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-183523"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5398"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001405"
},
{
"date": "2023-11-07T03:23:46.420000",
"db": "NVD",
"id": "CVE-2020-5398"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-839"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "160562"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-839"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework Vulnerabilities in the integrity of downloaded code",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001405"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202107-1611
Vulnerability from variot
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The database management system provides functions such as data management and distributed processing
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-1611",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0.0"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "blockchain platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications ip service activator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "communications data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.3.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.5"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.0.0"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "hospitality opera 5",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "rapid planning",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.6"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "oss support tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.42"
},
{
"model": "argus analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.3"
},
{
"model": "retail order management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.5"
},
{
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.3.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "utilities framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.0"
},
{
"model": "healthcare data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "primavera p6 professional project management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.20.0"
},
{
"model": "communications data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2.1.0"
},
{
"model": "policy automation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.24"
},
{
"model": "rapid planning",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.11"
},
{
"model": "hospitality reporting and analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0"
},
{
"model": "insurance data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "documaker",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "banking enterprise default management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.0"
},
{
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "siebel ui framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "banking apis",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "clinical",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2.1"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.0"
},
{
"model": "advanced networking option",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "banking apis",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.2"
},
{
"model": "documaker",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "financial services model management and governance",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0.0"
},
{
"model": "communications convergent charging controller",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.1.0.0"
},
{
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "argus safety",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "argus mart",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "financial services foreign account tax compliance act management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.11"
},
{
"model": "argus insight",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "insurance data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "banking enterprise default management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.10.0"
},
{
"model": "insurance data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.1"
},
{
"model": "utilities testing accelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0.3.1"
},
{
"model": "enterprise data quality",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services model management and governance",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.0.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.1"
},
{
"model": "retail customer insights",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "hospitality inventory management",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.5"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "retail point-of-service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.3"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "advanced networking option",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.11.0"
},
{
"model": "primavera analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.3.3"
},
{
"model": "goldengate application adapters",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "23.1"
},
{
"model": "banking digital experience",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.12.0"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4"
},
{
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.14.0"
},
{
"model": "real user experience insight",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.1.0"
},
{
"model": "graph server and client",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.4.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.1"
},
{
"model": "demantra demand management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.6"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "goldengate",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "primavera p6 professional project management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.24.0"
},
{
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.1.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "primavera data warehouse",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.3.3"
},
{
"model": "primavera p6 professional project management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.17.0"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.4.0"
},
{
"model": "utilities testing accelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0.1.1"
},
{
"model": "healthcare foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.2.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "primavera analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.11.1"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.5.1.0"
},
{
"model": "hyperion infrastructure technology",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.7.0"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "ilearning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.1"
},
{
"model": "primavera data warehouse",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.11.1"
},
{
"model": "timesten in-memory database",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.1.1.0"
},
{
"model": "primavera p6 professional project management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "airlines data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "goldengate",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.0.1.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"model": "healthcare data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.2"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"model": "insurance data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.7"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1.0.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "health sciences inform crf submit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.11"
},
{
"model": "argus analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.17.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "spatial studio",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2.1"
},
{
"model": "thesaurus management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.0"
},
{
"model": "healthcare foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.5.0.0"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.12"
},
{
"model": "advanced networking option",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "healthcare foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0.2"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.5.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.0"
},
{
"model": "communications convergent charging controller",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "insurance data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.7.0"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "argus analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "thesaurus management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2.3"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.2.0"
},
{
"model": "primavera analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.7"
},
{
"model": "primavera p6 professional project management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.9.0"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail customer insights",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.8"
},
{
"model": "communications data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.20"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "argus mart",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.3"
},
{
"model": "storagetek tape analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4"
},
{
"model": "banking digital experience",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"model": "healthcare foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.10.2"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "financial services foreign account tax compliance act management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "goldengate",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.5.0.0.220118"
},
{
"model": "primavera data warehouse",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.12.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.9.0"
},
{
"model": "healthcare data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.13.0"
},
{
"model": "primavera p6 professional project management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0.1"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.7"
},
{
"model": "argus safety",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "retail analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.2"
},
{
"model": "argus mart",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "argus insight",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "healthcare foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4"
},
{
"model": "hospitality inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "policy automation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.7"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "airlines data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.5"
},
{
"model": "communications data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2.3.0"
},
{
"model": "big data spatial and graph",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "23.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.9.0"
},
{
"model": "zfs storage application integration engineering software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.3.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "communications diameter intelligence hub",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.3"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4"
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2.0"
},
{
"model": "communications data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2.2.0"
},
{
"model": "primavera p6 professional project management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0.0"
},
{
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.24"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.1.0"
},
{
"model": "ilearning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "primavera p6 professional project management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0.0"
},
{
"model": "utilities testing accelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0.2.2"
},
{
"model": "clinical",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2.2"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.11"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "real user experience insight",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.5.1.0"
},
{
"model": "enterprise data quality",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.11"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "financial services foreign account tax compliance act management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.3.0"
},
{
"model": "argus safety",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "thesaurus management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.1"
},
{
"model": "argus insight",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.3"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.2"
},
{
"model": "product lifecycle analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.6.1"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.1.0"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications metasolv solution",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1.0.0"
},
{
"model": "demantra demand management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.11"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "utilities framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.6.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0"
},
{
"model": "financial services trade-based anti money laundering",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications diameter intelligence hub",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "timesten in-memory database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.1.1.0"
},
{
"model": "health sciences clinical development analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0.0"
},
{
"model": "financial services trade-based anti money laundering",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "oracle hospitality suite8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services model management and governance",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "primavera p6 professional project management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "primavera data warehouse",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle banking digital experience",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle flexcube private banking",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "siebel ui framework",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": "21.12 and earlier"
},
{
"model": "oracle retail xstore point of service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services analytical applications infrastructure",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle enterprise manager ops center",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle clinical",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle healthcare foundation",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle application testing suite",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle health sciences inform crf submit",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle goldengate",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle insurance data gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "hyperion infrastructure technology",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail returns management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications metasolv solution",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications data model",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle argus analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle insurance rules palette",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services behavior detection platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail service backbone",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services trade-based anti money laundering",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle demantra demand management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle healthcare data repository",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle data integrator",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail predictive application server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle spatial studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle airlines data model",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle flexcube investor servicing",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle enterprise data quality",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oss support tools",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle healthcare translational research",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications application session controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail merchandising system",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle argus safety",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications design studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "primavera gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle fusion middleware",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle real user experience insight",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "communications session route manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail order management system",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail price management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle insurance policy administration",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle application performance management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail assortment planning",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "primavera unifier",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications convergent charging controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services foreign account tax compliance act management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle utilities framework",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail point-of-service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail central office",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications contacts server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle agile engineering data management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle policy automation",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "enterprise manager base platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications session report manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle zfs storage application integration engineering software",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail order broker",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle banking apis",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle product lifecycle analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle health sciences clinical development analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle ilearning",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle commerce platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications network integrity",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail financial integration",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "advanced networking option",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle utilities testing accelerator",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "instantis enterprisetrack",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle health sciences information manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail back office",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle argus insight",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle thesaurus management system",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle argus mart",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle insurance insbridge rating and underwriting",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "primavera analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "big data spatial and graph",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services enterprise case management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail integration bus",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail customer insights",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications network charging and control",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications calendar server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail store inventory management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle rapid planning",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle hospitality opera 5",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle agile plm",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle graph server and client",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail extract transform and load",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle times-ten in-memory database",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3.0.6.0",
"versionStartIncluding": "4.3.0.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_safety:8.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:advanced_networking_option:12.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:advanced_networking_option:19c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:advanced_networking_option:12.1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.12.7",
"versionStartIncluding": "20.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.11",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.12",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.5",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.5.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.0.4.0.0",
"versionStartIncluding": "12.0.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.1",
"versionStartIncluding": "8.0.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.3",
"versionStartIncluding": "18.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.1.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_safety:8.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_safety:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_insight:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_insight:8.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_insight:8.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_analytics:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_analytics:8.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_analytics:8.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:airlines_data_model:12.2.0.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:airlines_data_model:12.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:11.3.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:11.3.2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:11.3.2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:12.1.0.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:12.1.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.0.4.0.0",
"versionStartIncluding": "12.0.1.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:clinical:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:clinical:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_inform_crf_submit:6.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_clinical_development_analytics:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:demantra_demand_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.17.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.12.9.0",
"versionStartIncluding": "20.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_data_warehouse:18.8.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_data_warehouse:19.12.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_data_warehouse:20.12.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_analytics:18.8.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_analytics:19.12.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_analytics:20.12.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_application_integration_engineering_software:1.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.12.42",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:thesaurus_management_system:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:thesaurus_management_system:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:thesaurus_management_system:5.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.24",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "23.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.3",
"versionStartIncluding": "18.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.20.0",
"versionStartIncluding": "17.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.24.0",
"versionStartIncluding": "18.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.12.9.0",
"versionStartIncluding": "20.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.17.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.20",
"versionStartIncluding": "17.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.24",
"versionStartIncluding": "18.8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.5.0.0.220118",
"versionStartIncluding": "19.1.0.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.3.0.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.2",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.0.2",
"versionStartIncluding": "7.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.1",
"versionStartIncluding": "8.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.0",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_mart:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_mart:8.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_mart:8.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.1.0.0",
"versionStartIncluding": "8.0.8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.6.4",
"versionStartIncluding": "12.6.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "23.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:21.1.1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_inventory_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"cve": "CVE-2021-2351",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-2351",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-377037",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secalert_us@oracle.com",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-013664",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-2351",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "secalert_us@oracle.com",
"id": "CVE-2021-2351",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1424",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-377037",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377037"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1424"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The database management system provides functions such as data management and distributed processing",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-2351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-377037"
},
{
"db": "VULMON",
"id": "CVE-2021-2351"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-2351",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "165258",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "165255",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013664",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012652",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041941",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072053",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012331",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012766",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012328",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012771",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072038",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011911",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042212",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072093",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1424",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-09810",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-377037",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-2351",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377037"
},
{
"db": "VULMON",
"id": "CVE-2021-2351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1424"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"id": "VAR-202107-1611",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377037"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-17T21:15:00.385000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0January\u00a02022 Oracle\u00a0Critical\u00a0Patch\u00a0Update",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"title": "Oracle Database Server Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178520"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1424"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "CWE-384",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/165258/oracle-database-weak-nne-integrity-key-derivation.html"
},
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/165255/oracle-database-protection-mechanism-bypass.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/dec/19"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/dec/20"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-2351"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072053"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072038"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6507591"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072093"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041941"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220422122"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012766"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012328"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011911"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-july-2021-35942"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012331"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012771"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377037"
},
{
"db": "VULMON",
"id": "CVE-2021-2351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1424"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377037"
},
{
"db": "VULMON",
"id": "CVE-2021-2351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1424"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-377037"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2021-2351"
},
{
"date": "2022-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1424"
},
{
"date": "2021-07-21T15:15:21.827000",
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-377037"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2021-2351"
},
{
"date": "2022-09-21T03:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1424"
},
{
"date": "2024-02-16T18:48:45.617000",
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1424"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle\u00a0Database\u00a0Server\u00a0 of \u00a0Advanced\u00a0Networking\u00a0Option\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202001-1869
Vulnerability from variot
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. Spring Framework Contains a cross-site request forgery vulnerability.Information may be altered. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1869",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.1.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.4"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "insurance calculation engine",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.0"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.20"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "retail point-of-service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.2.3"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "financial services regulatory reporting with agilereporter",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9.2.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.3"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications brm - elastic charging engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "insurance calculation engine",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.2.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.12"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.4"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications brm - elastic charging engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "spring framework",
"scope": null,
"trust": 0.8,
"vendor": "pivotal",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001404"
},
{
"db": "NVD",
"id": "CVE-2020-5397"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.3",
"versionStartIncluding": "5.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.20",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.12",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5397"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eric Zimanyi from Google",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-841"
}
],
"trust": 0.6
},
"cve": "CVE-2020-5397",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-5397",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "VHN-183522",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security@pivotal.io",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-5397",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5397",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security@pivotal.io",
"id": "CVE-2020-5397",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-841",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-183522",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183522"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001404"
},
{
"db": "NVD",
"id": "CVE-2020-5397"
},
{
"db": "NVD",
"id": "CVE-2020-5397"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-841"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. Spring Framework Contains a cross-site request forgery vulnerability.Information may be altered. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5397"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001404"
},
{
"db": "VULHUB",
"id": "VHN-183522"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5397",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001404",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-841",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "48040",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-183522",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183522"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001404"
},
{
"db": "NVD",
"id": "CVE-2020-5397"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-841"
}
]
},
"id": "VAR-202001-1869",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-183522"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:33:12.194000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-5397: CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux",
"trust": 0.8,
"url": "https://pivotal.io/security/cve-2020-5397"
},
{
"title": "Pivotal Software Spring Framework Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=107142"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001404"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-841"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183522"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001404"
},
{
"db": "NVD",
"id": "CVE-2020-5397"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://pivotal.io/security/cve-2020-5397"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5397"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5397"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48040"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/spring-framework-cross-site-request-forgery-via-cors-preflight-requests-31363"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183522"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001404"
},
{
"db": "NVD",
"id": "CVE-2020-5397"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-841"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-183522"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001404"
},
{
"db": "NVD",
"id": "CVE-2020-5397"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-841"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-17T00:00:00",
"db": "VULHUB",
"id": "VHN-183522"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001404"
},
{
"date": "2020-01-17T19:15:14.727000",
"db": "NVD",
"id": "CVE-2020-5397"
},
{
"date": "2020-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-841"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-183522"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001404"
},
{
"date": "2022-07-25T18:15:30.737000",
"db": "NVD",
"id": "CVE-2020-5397"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-841"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-841"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001404"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-841"
}
],
"trust": 0.6
}
}
var-202101-1939
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1939",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications diameter signaling route",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "communications diameter signaling route",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002834"
},
{
"db": "NVD",
"id": "CVE-2020-36181"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36181"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-330"
}
],
"trust": 0.8
},
"cve": "CVE-2020-36181",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-36181",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381448",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-36181",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-36181",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-330",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381448",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-36181",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381448"
},
{
"db": "VULMON",
"id": "CVE-2020-36181"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002834"
},
{
"db": "NVD",
"id": "CVE-2020-36181"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-330"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36181"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002834"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381448"
},
{
"db": "VULMON",
"id": "CVE-2020-36181"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-36181",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002834",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110515",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-330",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-381448",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-36181",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381448"
},
{
"db": "VULMON",
"id": "CVE-2020-36181"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002834"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36181"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-330"
}
]
},
"id": "VAR-202101-1939",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381448"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:53:27.759000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210205-0005",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138936"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "CVE-2020-36179",
"trust": 0.1,
"url": "https://github.com/al1ex/cve-2020-36179 "
},
{
"title": "Al1ex",
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-36181"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002834"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-330"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381448"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002834"
},
{
"db": "NVD",
"id": "CVE-2020-36181"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"trust": 1.8,
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/3004"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6455267"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110515"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/al1ex/cve-2020-36179"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381448"
},
{
"db": "VULMON",
"id": "CVE-2020-36181"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002834"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36181"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-330"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381448"
},
{
"db": "VULMON",
"id": "CVE-2020-36181"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002834"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36181"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-330"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-381448"
},
{
"date": "2021-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36181"
},
{
"date": "2021-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002834"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-01-06T23:15:12.957000",
"db": "NVD",
"id": "CVE-2020-36181"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-330"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-381448"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36181"
},
{
"date": "2021-10-06T01:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-002834"
},
{
"date": "2023-09-13T14:56:39.930000",
"db": "NVD",
"id": "CVE-2020-36181"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-330"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-330"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002834"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-201805-1189
Vulnerability from variot
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. Spring Framework Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Spring Framework is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. Spring Framework 5.0 through 5.0.5 and 4.3 through 4.3.16 are vulnerable; other versions are also affected. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Description:
Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
-
spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257)
-
spring-data: XXE with Spring Dataas XMLBeam integration (CVE-2018-1259)
-
spring-security-oauth2: Remote Code Execution with spring-security-oauth2 (CVE-2018-1260)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging 1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration 1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat Fuse 7.2 security update Advisory ID: RHSA-2018:3768-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2018:3768 Issue date: 2018-12-04 CVE Names: CVE-2016-5002 CVE-2016-5003 CVE-2017-12196 CVE-2018-1257 CVE-2018-1259 CVE-2018-1288 CVE-2018-1336 CVE-2018-8014 CVE-2018-8018 CVE-2018-8039 CVE-2018-8041 CVE-2018-12537 =====================================================================
- Summary:
An update is now available for Red Hat Fuse.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Fuse enables integration experts, application developers, and business users to collaborate and independently develop connected solutions.
Fuse is part of an agile integration solution. Its distributed approach allows teams to deploy integrated services where required. The API-centric, container-based architecture decouples services so they can be created, extended, and deployed independently.
This release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
xmlrpc: Deserialization of untrusted Java object through tag (CVE-2016-5003)
-
tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)
-
ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint (CVE-2018-8018)
-
apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
-
xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002)
-
undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)
-
spring-data-commons: XXE with Spring Dataas XMLBeam integration (CVE-2018-1259)
-
kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass (CVE-2018-1288)
-
tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)
-
camel-mail: path traversal vulnerability (CVE-2018-8041)
-
vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (CVE-2018-12537)
-
spring-framework: ReDoS Attack with spring-messaging (CVE-2018-1257)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Eedo Shapira (GE Digital) for reporting CVE-2018-8041. The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat).
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are located in the download section of the customer portal.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication 1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD 1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through tag 1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging 1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration 1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins 1591072 - CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers 1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* 1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS 1607731 - CVE-2018-8018 ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint 1611059 - CVE-2018-1288 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass 1612644 - CVE-2018-8041 camel-mail: path traversal vulnerability
- References:
https://access.redhat.com/security/cve/CVE-2016-5002 https://access.redhat.com/security/cve/CVE-2016-5003 https://access.redhat.com/security/cve/CVE-2017-12196 https://access.redhat.com/security/cve/CVE-2018-1257 https://access.redhat.com/security/cve/CVE-2018-1259 https://access.redhat.com/security/cve/CVE-2018-1288 https://access.redhat.com/security/cve/CVE-2018-1336 https://access.redhat.com/security/cve/CVE-2018-8014 https://access.redhat.com/security/cve/CVE-2018-8018 https://access.redhat.com/security/cve/CVE-2018-8039 https://access.redhat.com/security/cve/CVE-2018-8041 https://access.redhat.com/security/cve/CVE-2018-12537 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.2.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/ https://access.redhat.com/articles/2939351
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXAakytzjgjWX9erEAQgDkw//Wb1MeuX1VOUq4u9qkgtp3ECPTAR3GE8B RWHYBguzM+WJrDPTtgH1sy1BstIEPgVooQLTKWhZYtJpR64S5T6YAv+aFh1vA7qI 87GDERqiATIm3l8qKBBOF02FukP9ywkaH5hR+pT7tM2OuN8iZ4dvKl0Rdzs6vnhF Ea+qVCKeQlyn88HUUqYw51nBX7tbK0H1RuG7DxlU93LBYqymMIZ90KhcGeuvNPu/ BVk7xMDtbdPSagSBy5WFpTvZ/ozeYBmO7u8p9l67SiD3obR6Rtn83B3DKvL/AFP4 ahKlIrK62hk2qgXrpLQ9aVUwBMZ1Lqu99LelF20hRt38L7qy/EXtD+Xdt0H9Xl/H bcLyRvjq8pOjdrdqAvnfI5HBDdSZrxujYX9t6egoQg3wFuS9h0DbKFMXSKMSaW2S WlP4L5zbCTvhPy3mIPOECKDxP8Xa2g2HnqCal2PpHIXGVBvD0CTuxI0b7a6WKKYf dbhm5uIEhdoS/vSuHntq+o+3IzlhRNHKx2Uh+03arWYyj4N26bbKFB+v+7gjL2e9 1ITf4HXEUphym5PY0R1GGc2Xr5Xc8BjV8xX3pgvI8FcRov4XGsS37TYpvNxPmTCA e4VB2C4WS+AFhk1QJR7cNuACwUxjarIoKUp1CX5gvqu35pVgxR97KxoblGdMtR9g UOgTm4iHIhQ= =RCpd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-1189",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openshift",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.0.0.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.3.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications performance intelligence center",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "tape library acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "big data discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"model": "communications services gatekeeper",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.0.4.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5.0"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.12.0.3"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0.3"
},
{
"model": "endeca information discovery integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0"
},
{
"model": "communications converged application server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "4.3.17"
},
{
"model": "agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.2.0.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.1.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.1.1"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.6"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.0"
},
{
"model": "enterprise manager for mysql database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.3"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.4"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1.1"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0.0"
},
{
"model": "communications diameter signaling router",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.0"
},
{
"model": "endeca information discovery integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.0"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.8,
"vendor": "pivotal",
"version": "4.3.17"
},
{
"model": "openshift",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "4.3.x"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0.x"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0.6"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0.1"
},
{
"model": "spring framework",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.17"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0.4"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.15"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.14"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0.5"
},
{
"model": "spring framework",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0.6"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.16"
}
],
"sources": [
{
"db": "BID",
"id": "104260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005091"
},
{
"db": "NVD",
"id": "CVE-2018-1257"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-405"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3.17",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.6",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.0.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1257"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.",
"sources": [
{
"db": "BID",
"id": "104260"
}
],
"trust": 0.3
},
"cve": "CVE-2018-1257",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-1257",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-122542",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-1257",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-1257",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-405",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-122542",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-1257",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122542"
},
{
"db": "VULMON",
"id": "CVE-2018-1257"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005091"
},
{
"db": "NVD",
"id": "CVE-2018-1257"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-405"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. Spring Framework Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Spring Framework is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. \nSpring Framework 5.0 through 5.0.5 and 4.3 through 4.3.16 are vulnerable; other versions are also affected. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Description:\n\nRed Hat Openshift Application Runtimes provides an application platform\nthat reduces the complexity of developing and operating applications\n(monoliths and microservices) for OpenShift as a containerized platform. For further\ninformation, refer to the Release Notes linked to in the References\nsection. \n\nSecurity Fix(es):\n\n* spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257)\n\n* spring-data: XXE with Spring Dataas XMLBeam integration (CVE-2018-1259)\n\n* spring-security-oauth2: Remote Code Execution with spring-security-oauth2\n(CVE-2018-1260)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging\n1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration\n1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat Fuse 7.2 security update\nAdvisory ID: RHSA-2018:3768-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3768\nIssue date: 2018-12-04\nCVE Names: CVE-2016-5002 CVE-2016-5003 CVE-2017-12196 \n CVE-2018-1257 CVE-2018-1259 CVE-2018-1288 \n CVE-2018-1336 CVE-2018-8014 CVE-2018-8018 \n CVE-2018-8039 CVE-2018-8041 CVE-2018-12537 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat Fuse. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Fuse enables integration experts, application developers, and\nbusiness users to collaborate and independently develop connected\nsolutions. \n\nFuse is part of an agile integration solution. Its distributed approach\nallows teams to deploy integrated services where required. The API-centric,\ncontainer-based architecture decouples services so they can be created,\nextended, and deployed independently. \n\nThis release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse\n7.1, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* xmlrpc: Deserialization of untrusted Java object through\n\u003cex:serializable\u003e tag (CVE-2016-5003)\n\n* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)\n\n* ignite: Improper deserialization allows for code execution via\nGridClientJdkMarshaller endpoint (CVE-2018-8018)\n\n* apache-cxf: TLS hostname verification does not work correctly with\ncom.sun.net.ssl.* (CVE-2018-8039)\n\n* xmlrpc: XML external entity vulnerability SSRF via a crafted DTD\n(CVE-2016-5002)\n\n* undertow: Client can use bogus uri in Digest authentication\n(CVE-2017-12196)\n\n* spring-data-commons: XXE with Spring Dataas XMLBeam integration\n(CVE-2018-1259)\n\n* kafka: Users can perform Broker actions via crafted fetch requests,\ninterfering with data replication and causing data lass (CVE-2018-1288)\n\n* tomcat: Insecure defaults in CORS filter enable \u0027supportsCredentials\u0027 for\nall origins (CVE-2018-8014)\n\n* camel-mail: path traversal vulnerability (CVE-2018-8041)\n\n* vertx: Improper neutralization of CRLF sequences allows remote attackers\nto inject arbitrary HTTP response headers (CVE-2018-12537)\n\n* spring-framework: ReDoS Attack with spring-messaging (CVE-2018-1257)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Eedo Shapira (GE Digital) for reporting\nCVE-2018-8041. The CVE-2017-12196 issue was discovered by Jan Stourac (Red\nHat). \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication\n1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD\n1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through \u003cex:serializable\u003e tag\n1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging\n1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration\n1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable \u0027supportsCredentials\u0027 for all origins\n1591072 - CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers\n1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*\n1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS\n1607731 - CVE-2018-8018 ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint\n1611059 - CVE-2018-1288 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass\n1612644 - CVE-2018-8041 camel-mail: path traversal vulnerability\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-5002\nhttps://access.redhat.com/security/cve/CVE-2016-5003\nhttps://access.redhat.com/security/cve/CVE-2017-12196\nhttps://access.redhat.com/security/cve/CVE-2018-1257\nhttps://access.redhat.com/security/cve/CVE-2018-1259\nhttps://access.redhat.com/security/cve/CVE-2018-1288\nhttps://access.redhat.com/security/cve/CVE-2018-1336\nhttps://access.redhat.com/security/cve/CVE-2018-8014\nhttps://access.redhat.com/security/cve/CVE-2018-8018\nhttps://access.redhat.com/security/cve/CVE-2018-8039\nhttps://access.redhat.com/security/cve/CVE-2018-8041\nhttps://access.redhat.com/security/cve/CVE-2018-12537\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=7.2.0\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/\nhttps://access.redhat.com/articles/2939351\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXAakytzjgjWX9erEAQgDkw//Wb1MeuX1VOUq4u9qkgtp3ECPTAR3GE8B\nRWHYBguzM+WJrDPTtgH1sy1BstIEPgVooQLTKWhZYtJpR64S5T6YAv+aFh1vA7qI\n87GDERqiATIm3l8qKBBOF02FukP9ywkaH5hR+pT7tM2OuN8iZ4dvKl0Rdzs6vnhF\nEa+qVCKeQlyn88HUUqYw51nBX7tbK0H1RuG7DxlU93LBYqymMIZ90KhcGeuvNPu/\nBVk7xMDtbdPSagSBy5WFpTvZ/ozeYBmO7u8p9l67SiD3obR6Rtn83B3DKvL/AFP4\nahKlIrK62hk2qgXrpLQ9aVUwBMZ1Lqu99LelF20hRt38L7qy/EXtD+Xdt0H9Xl/H\nbcLyRvjq8pOjdrdqAvnfI5HBDdSZrxujYX9t6egoQg3wFuS9h0DbKFMXSKMSaW2S\nWlP4L5zbCTvhPy3mIPOECKDxP8Xa2g2HnqCal2PpHIXGVBvD0CTuxI0b7a6WKKYf\ndbhm5uIEhdoS/vSuHntq+o+3IzlhRNHKx2Uh+03arWYyj4N26bbKFB+v+7gjL2e9\n1ITf4HXEUphym5PY0R1GGc2Xr5Xc8BjV8xX3pgvI8FcRov4XGsS37TYpvNxPmTCA\ne4VB2C4WS+AFhk1QJR7cNuACwUxjarIoKUp1CX5gvqu35pVgxR97KxoblGdMtR9g\nUOgTm4iHIhQ=\n=RCpd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1257"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005091"
},
{
"db": "BID",
"id": "104260"
},
{
"db": "VULHUB",
"id": "VHN-122542"
},
{
"db": "VULMON",
"id": "CVE-2018-1257"
},
{
"db": "PACKETSTORM",
"id": "148079"
},
{
"db": "PACKETSTORM",
"id": "150645"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1257",
"trust": 3.1
},
{
"db": "BID",
"id": "104260",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005091",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-405",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "148079",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-122542",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1257",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150645",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122542"
},
{
"db": "VULMON",
"id": "CVE-2018-1257"
},
{
"db": "BID",
"id": "104260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005091"
},
{
"db": "PACKETSTORM",
"id": "148079"
},
{
"db": "PACKETSTORM",
"id": "150645"
},
{
"db": "NVD",
"id": "CVE-2018-1257"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-405"
}
]
},
"id": "VAR-201805-1189",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122542"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:14:21.447000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-1257: ReDoS Attack with spring-messaging",
"trust": 0.8,
"url": "https://pivotal.io/security/cve-2018-1257"
},
{
"title": "RHSA-2018:1809",
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2018:1809"
},
{
"title": "Pivotal Spring Framework Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80032"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20181809 - security advisory"
},
{
"title": "Red Hat: CVE-2018-1257",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-1257"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183768 - security advisory"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37"
},
{
"title": "cybsec",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1257"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005091"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-405"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122542"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005091"
},
{
"db": "NVD",
"id": "CVE-2018-1257"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/104260"
},
{
"trust": 2.1,
"url": "https://pivotal.io/security/cve-2018-1257"
},
{
"trust": 2.0,
"url": "https://access.redhat.com/errata/rhsa-2018:1809"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:3768"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1257"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1257"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/"
},
{
"trust": 0.3,
"url": "http://pivotal.io/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1259"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1259"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1257"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57884"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=catrhoar.spring.boot\u0026downloadtype=distributions\u0026version=1.5.13"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1260"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=distributions\u0026version=7.2.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1288"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5003"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12537"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2939351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8014"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12196"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122542"
},
{
"db": "VULMON",
"id": "CVE-2018-1257"
},
{
"db": "BID",
"id": "104260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005091"
},
{
"db": "PACKETSTORM",
"id": "148079"
},
{
"db": "PACKETSTORM",
"id": "150645"
},
{
"db": "NVD",
"id": "CVE-2018-1257"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-405"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122542"
},
{
"db": "VULMON",
"id": "CVE-2018-1257"
},
{
"db": "BID",
"id": "104260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005091"
},
{
"db": "PACKETSTORM",
"id": "148079"
},
{
"db": "PACKETSTORM",
"id": "150645"
},
{
"db": "NVD",
"id": "CVE-2018-1257"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-405"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-122542"
},
{
"date": "2018-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1257"
},
{
"date": "2018-05-09T00:00:00",
"db": "BID",
"id": "104260"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005091"
},
{
"date": "2018-06-07T15:16:13",
"db": "PACKETSTORM",
"id": "148079"
},
{
"date": "2018-12-06T02:15:34",
"db": "PACKETSTORM",
"id": "150645"
},
{
"date": "2018-05-11T20:29:00.213000",
"db": "NVD",
"id": "CVE-2018-1257"
},
{
"date": "2018-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-405"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-122542"
},
{
"date": "2022-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1257"
},
{
"date": "2018-05-09T00:00:00",
"db": "BID",
"id": "104260"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005091"
},
{
"date": "2022-06-23T16:31:30.630000",
"db": "NVD",
"id": "CVE-2018-1257"
},
{
"date": "2021-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-405"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-405"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005091"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "104260"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-405"
}
],
"trust": 0.9
}
}
var-202101-1946
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1946",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.4"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.1"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.10.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.8.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015593"
},
{
"db": "NVD",
"id": "CVE-2020-36189"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36189"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-329"
}
],
"trust": 0.8
},
"cve": "CVE-2020-36189",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-36189",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381456",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-36189",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-36189",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-329",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381456",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-36189",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381456"
},
{
"db": "VULMON",
"id": "CVE-2020-36189"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015593"
},
{
"db": "NVD",
"id": "CVE-2020-36189"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-329"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36189"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015593"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381456"
},
{
"db": "VULMON",
"id": "CVE-2020-36189"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-36189",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015593",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110515",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012755",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-329",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-381456",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-36189",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381456"
},
{
"db": "VULMON",
"id": "CVE-2020-36189"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015593"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36189"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-329"
}
]
},
"id": "VAR-202101-1946",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381456"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:52:46.706000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210205-0005",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138935"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "Al1ex",
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-36189"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015593"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-329"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381456"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015593"
},
{
"db": "NVD",
"id": "CVE-2020-36189"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"trust": 1.8,
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2996"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6455267"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110515"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012755"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381456"
},
{
"db": "VULMON",
"id": "CVE-2020-36189"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015593"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36189"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-329"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381456"
},
{
"db": "VULMON",
"id": "CVE-2020-36189"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015593"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36189"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-329"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-381456"
},
{
"date": "2021-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36189"
},
{
"date": "2021-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015593"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-01-06T23:15:13.280000",
"db": "NVD",
"id": "CVE-2020-36189"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-329"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-381456"
},
{
"date": "2022-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36189"
},
{
"date": "2021-10-06T01:05:00",
"db": "JVNDB",
"id": "JVNDB-2020-015593"
},
{
"date": "2023-09-13T14:57:37.650000",
"db": "NVD",
"id": "CVE-2020-36189"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-329"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-329"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015593"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202101-1933
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1933",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.4"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications diameter signaling route",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "communications diameter signaling route",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002835"
},
{
"db": "NVD",
"id": "CVE-2020-36179"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.7.5",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36179"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-327"
}
],
"trust": 0.8
},
"cve": "CVE-2020-36179",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-36179",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381446",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-36179",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-36179",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-327",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381446",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-36179",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381446"
},
{
"db": "VULMON",
"id": "CVE-2020-36179"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002835"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-327"
},
{
"db": "NVD",
"id": "CVE-2020-36179"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36179"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002835"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381446"
},
{
"db": "VULMON",
"id": "CVE-2020-36179"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-36179",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002835",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110515",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-327",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-99105",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-381446",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-36179",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381446"
},
{
"db": "VULMON",
"id": "CVE-2020-36179"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002835"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-327"
},
{
"db": "NVD",
"id": "CVE-2020-36179"
}
]
},
"id": "VAR-202101-1933",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381446"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-19T23:19:28.257000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210205-0005",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138934"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "https://github.com/Al1ex/CVE-2020-36179",
"trust": 0.1,
"url": "https://github.com/al1ex/cve-2020-36179 "
},
{
"title": "https://github.com/Al1ex/Al1ex",
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-36179"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002835"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-327"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381446"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002835"
},
{
"db": "NVD",
"id": "CVE-2020-36179"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"trust": 1.7,
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.7,
"url": "https://github.com/fasterxml/jackson-databind/issues/3004"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3cissues.spark.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3cissues.spark.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6455267"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110515"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381446"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002835"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-327"
},
{
"db": "NVD",
"id": "CVE-2020-36179"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381446"
},
{
"db": "VULMON",
"id": "CVE-2020-36179"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002835"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-327"
},
{
"db": "NVD",
"id": "CVE-2020-36179"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-07T00:00:00",
"db": "VULHUB",
"id": "VHN-381446"
},
{
"date": "2021-01-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36179"
},
{
"date": "2021-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002835"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-327"
},
{
"date": "2021-01-07T00:15:14.850000",
"db": "NVD",
"id": "CVE-2020-36179"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-381446"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36179"
},
{
"date": "2021-10-06T01:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-002835"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-327"
},
{
"date": "2023-11-07T03:22:06.623000",
"db": "NVD",
"id": "CVE-2020-36179"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-327"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002835"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202004-2191
Vulnerability from variot
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:3247-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2020:3247 Issue date: 2020-08-04 CVE Names: CVE-2017-18635 CVE-2019-8331 CVE-2019-10086 CVE-2019-13990 CVE-2019-17195 CVE-2019-19336 CVE-2020-7598 CVE-2020-10775 CVE-2020-11022 CVE-2020-11023 =====================================================================
- Summary:
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch, x86_64
- Description:
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht ml-single/technical_notes
Security Fix(es):
-
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)
-
libquartz: XXE attacks via job description (CVE-2019-13990)
-
novnc: XSS vulnerability via the messages propagated to the status field (CVE-2017-18635)
-
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
-
nimbus-jose-jwt: Uncaught exceptions while parsing a JWT (CVE-2019-17195)
-
ovirt-engine: response_type parameter allows reflected XSS (CVE-2019-19336)
-
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598)
-
ovirt-engine: Redirect to arbitrary URL allows for phishing (CVE-2020-10775)
-
Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2974891
- Bugs fixed (https://bugzilla.redhat.com/):
1080097 - [RFE] Allow editing disks details in the Disks tab 1325468 - [RFE] Autostart of VMs that are down (with Engine assistance - Engine has to be up) 1358501 - [RFE] multihost network change - notify when done 1427717 - [RFE] Create and/or select affinity group upon VM creation. 1475774 - RHV-M requesting four GetDeviceListVDSCommand when editing storage domain 1507438 - not able to deploy new rhvh host when "/tmp" is mounted with "noexec" option 1523835 - Hosted-Engine: memory hotplug does not work for engine vm 1527843 - [Tracker] Q35 chipset support (with seabios) 1529042 - [RFE] Changing of Cluster CPU Type does not trigger config update notification 1535796 - Undeployment of HE is not graceful 1546838 - [RFE] Refuse to deploy on localhost.localdomain 1547937 - [RFE] Live Storage Migration progress bar. 1585986 - [HE] When lowering the cluster compatibility, we need to force update the HE storage OVF store to ensure it can start up (migration will not work). 1593800 - [RFE] forbid new mac pools with overlapping ranges 1596178 - inconsistent display between automatic and manual Pool Type 1600059 - [RFE] Add by default a storage lease to HA VMs 1610212 - After updating to RHV 4.1 while trying to edit the disk, getting error "Cannot edit Virtual Disk. Cannot edit Virtual Disk. Disk extension combined with disk compat version update isn't supported. Please perform the updates separately." 1611395 - Unable to list Compute Templates in RHV 4.2 from Satellite 6.3.2 1616451 - [UI] add a tooltip to explain the supported matrix for the combination of disk allocation policies, formats and the combination result 1637172 - Live Merge hung in the volume deletion phase, leaving snapshot in a LOCKED state 1640908 - Javascript Error popup when Managing StorageDomain with LUNs and 400+ paths 1642273 - [UI] - left nav border highlight missing in RHV 1647440 - [RFE][UI] Provide information about the VM next run 1648345 - Jobs are not properly cleaned after a failed task. 1650417 - HA is broken for VMs having disks in NFS storage domain because of Qemu OFD locking 1650505 - Increase of ClusterCompatibilityVersion to Cluster with virtual machines with outstanding configuration changes, those changes will be reverted 1651406 - [RFE] Allow Maintenance of Host with Enforcing VM Affinity Rules (hard affinity) 1651939 - a new size of the direct LUN not updated in Admin Portal 1654069 - [Downstream Clone] [UI] - grids bottom scrollbar hides bottom row 1654889 - [RFE] Support console VNC for mediated devices 1656621 - Importing VM OVA always enables 'Cloud-Init/Sysprep' 1658101 - [RESTAPI] Adding ISO disables serial console 1659161 - Unable to edit pool that is delete protected 1660071 - Regression in Migration of VM that starts in pause mode: took 11 hours 1660644 - Concurrent LSMs of the same disk can be issued via the REST-API 1663366 - USB selection option disabled even though USB support is enabled in RHV-4.2 1664479 - Third VM fails to get migrated when host is placed into maintenance mode 1666913 - [UI] warn users about different "Vdsm Name" when creating network with a fancy char or long name 1670102 - [CinderLib] - openstack-cinder and cinderlib packages are not installed on ovirt-engine machine 1671876 - "Bond Active Slave" parameter on RHV-M GUI shows an incorrect until Refresh Caps 1679039 - Unable to upload image through Storage->Domain->Disk because of wrong DC 1679110 - [RFE] change Admin Portal toast notifications location 1679471 - [ja, de, es, fr, pt_BR] The console client resources page shows truncated title for some locales 1679730 - Warn about host IP addresses outside range 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1686650 - Memory snapshots' deletion logging unnecessary WARNINGS in engine.log 1687345 - Snapshot with memory volumes can fail if the memory dump takes more than 180 seconds 1690026 - [RFE] - Creating an NFS storage domain the engine should let the user specify exact NFS version v4.0 and not just v4 1690155 - Disk migration progress bar not clearly visible and unusable. 1690475 - When a live storage migration fails, the auto generated snapshot does not get removed 1691562 - Cluster level changes are not increasing VMs generation numbers and so a new OVF_STORE content is not copied to the shared storage 1692592 - "Enable menu to select boot device shows 10 device listed with cdrom at 10th slot but when selecting 10 option the VM took 1 as option and boot with disk 1693628 - Engine generates too many updates to vm_dynamic table due to the session change 1693813 - Do not change DC level if there are VMs running/paused with older CL. 1695026 - Failure in creating snapshots during "Live Storage Migration" can result in a nonexistent snapshot 1695635 - [RFE] Improve Host Drop-down menu in different Dialogs (i.e. Alphabetical sort of Hosts in Remove|New StorageDomains) 1696245 - [RFE] Allow full customization while cloning a VM 1696669 - Build bouncycastle for RHV 4.4 RHEL 8 1696676 - Build ebay-cors-filter for RHV 4.4 RHEL 8 1698009 - Build openstack-java-sdk for RHV 4.4 RHEL 8 1698102 - Print a warning message to engine-setup, which highlights that other clusters than the Default one are not modified to use ovirt-provider-ovn as the default network provider 1700021 - [RFE] engine-setup should warn and prompt if ca.pem is missing but other generated pki files exist 1700036 - [RFE] Add RedFish API for host power management for RHEV 1700319 - VM is going to pause state with "storage I/O error". 1700338 - [RFE] Alternate method to configure the email Event Notifier for a user in RHV through API (instead of RHV GUI) 1700725 - [scale] RHV-M runs out of memory due to to much data reported by the guest agent 1700867 - Build makeself for RHV 4.4 RHEL 8 1701476 - Build unboundid-ldapsdk for RHV 4.4 RHEL 8 1701491 - Build RHV-M 4.4 - RHEL 8 1701522 - Build ovirt-imageio-proxy for RHV 4.4 / RHEL 8 1701528 - Build / Tag python-ovsdbapp for RHV 4.4 RHEL 8 1701530 - Build / Tag ovirt-cockpit-sso for RHV 4.4 RHEL 8 1701531 - Build / Tag ovirt-engine-api-explorer for RHV 4.4 RHEL 8 1701533 - Build / Tag ovirt-engine-dwh for RHV 4.4 / RHEL 8 1701538 - Build / Tag vdsm-jsonrpc-java for RHV 4.4 RHEL 8 1701544 - Build rhvm-dependencies for RHV 4.4 RHEL 8 1702310 - Build / Tag ovirt-engine-ui-extensions for RHV 4.4 RHEL 8 1702312 - Build ovirt-log-collector for RHV 4.4 RHEL 8 1703112 - PCI address of NICs are not stored in the database after a hotplug of passthrough NIC resulting in change of network device name in VM after a reboot 1703428 - VMs migrated from KVM to RHV show warning 'The latest guest agent needs to be installed and running on the guest' 1707225 - [cinderlib] Cinderlib DB is missing a backup and restore option 1708624 - Build rhvm-setup-plugins for RHV 4.4 - RHEL 8 1710491 - No EVENT_ID is generated in /var/log/ovirt-engine/engine.log when VM is rebooted from OS level itself. 1711006 - Metrics installation fails during the execution of playbook ovirt-metrics-store-installation if the environment is not having DHCP 1712255 - Drop 4.1 datacenter/cluster level 1712746 - [RFE] Ignition support for ovirt vms 1712890 - engine-setup should check for snapshots in unsupported CL 1714528 - Missing IDs on cluster upgrade buttons 1714633 - Using more than one asterisk in the search string is not working when searching for users. 1714834 - Cannot disable SCSI passthrough using API 1715725 - Sending credentials in query string logs them in ovirt-request-logs 1716590 - [RFE][UX] Make Cluster-wide "Custom serial number policy" value visible at VM level 1718818 - [RFE] Enhance local disk passthrough 1720686 - Tag ovirt-scheduler-proxy for RHV 4.4 RHEL 8 1720694 - Build ovirt-engine-extension-aaa-jdbc for RHV 4.4 RHEL 8 1720795 - New guest tools are available mark in case of guest tool located on Data Domain 1724959 - RHV recommends reporting issues to GitHub rather than access.redhat.com (ovirt->RHV rebrand glitch?) 1727025 - NPE in DestroyImage endAction during live merge leaving a task in DB for hours causing operations depending on host clean tasks to fail as Deactivate host/StopSPM/deactivate SD 1728472 - Engine reports network out of sync due to ipv6 default gateway via ND RA on a non default route network. 1729511 - engine-setup fails to upgrade to 4.3 with Unicode characters in CA subject 1729811 - [scale] updatevmdynamic broken if too many users logged in - psql ERROR: value too long for type character varying(255) 1730264 - VMs will fail to start if the vnic profile attached is having port mirroring enabled and have name greater than 15 characters 1730436 - Snapshot creation was successful, but snapshot remains locked 1731212 - RHV 4.4 landing page does not show login or allow scrolling. 1731590 - Cannot preview snapshot, it fails and VM remains locked. 1733031 - [RFE] Add warning when importing data domains to newer DC that may trigger SD format upgrade 1733529 - Consume python-ovsdbapp dependencies from OSP in RHEL 8 RHV 4.4 1733843 - Export to OVA fails if VM is running on the Host doing the export 1734839 - Unable to start guests in our Power9 cluster without running in headless mode. 1737234 - Attach a non-existent ISO to vm by the API return 201 and marks the Attach CD checkbox as ON 1737684 - Engine deletes the leaf volume when SnapshotVDSCommand timed out without checking if the volume is still used by the VM 1740978 - [RFE] Warn or Block importing VMs/Templates from unsupported compatibility levels. 1741102 - host activation causes RHHI nodes to lose the quorum 1741271 - Move/Copy disk are blocked if there is less space in source SD than the size of the disk 1741625 - VM fails to be re-started with error: Failed to acquire lock: No space left on device 1743690 - Commit and Undo buttons active when no snapshot selected 1744557 - RHV 4.3 throws an exception when trying to access VMs which have snapshots from unsupported compatibility levels 1745384 - [IPv6 Static] Engine should allow updating network's static ipv6gateway 1745504 - Tag rhv-log-collector-analyzer for RHV 4.4 RHEL 8 1746272 - [BREW BUILD ENABLER] Build the oVirt Ansible roles for RHV 4.4.0 1746430 - [Rebase] Rebase v2v-conversion-host for RHV 4.4 Engine 1746877 - [Metrics] Rebase bug - for the 4.4 release on EL8 1747772 - Extra white space at the top of webadmin dialogs 1749284 - Change the Snapshot operation to be asynchronous 1749944 - teardownImage attempts to deactivate in-use LV's rendering the VM disk image/volumes in locked state. 1750212 - MERGE_STATUS fails with 'Invalid UUID string: mapper' when Direct LUN that already exists is hot-plugged 1750348 - [Tracking] rhvm-branding-rhv for RHV 4.4 1750357 - [Tracking] ovirt-web-ui for RHV 4.4 1750371 - [Tracking] ovirt-engine-ui-extensions for RHV 4.4 1750482 - From VM Portal, users cannot create Operating System Windows VM. 1751215 - Unable to change Graphical Console of HE VM. 1751268 - add links to Insights to landing page 1751423 - Improve description of shared memory statistics and remove unimplemented memory metrics from API 1752890 - Build / Tag ovirt-engine-extension-aaa-ldap for RHV 4.4 RHEL 8 1752995 - [RFE] Need to be able to set default console option 1753629 - Build / Tag ovirt-engine-extension-aaa-misc for RHV 4.4 RHEL 8 1753661 - Build / Tag ovirt-engine-extension-logger-log4j got RHV 4.4 / RHEl 8 1753664 - Build ovirt-fast-forward-upgrade for RHV 4.4 /RHEL 8 support 1754363 - [Scale] Engine generates excessive amount of dns configuration related sql queries 1754490 - RHV Manager cannot start on EAP 7.2.4 1755412 - Setting "oreg_url: registry.redhat.io" fails with error 1758048 - clone(as thin) VM from template or create snapshot fails with 'Requested capacity 1073741824 < parent capacity 3221225472 (volume:1211)' 1758289 - [Warn] Duplicate chassis entries in southbound database if the host is down while removing the host from Manager 1762281 - Import of OVA created from template fails with java.lang.NullPointerException 1763992 - [RFE] Show "Open Console" as the main option in the VM actions menu 1764289 - Document details how each fence agent can be configured in RESTAPI 1764791 - CVE-2019-17195 nimbus-jose-jwt: Uncaught exceptions while parsing a JWT 1764932 - [BREW BUILD ENABLER] Build the ansible-runner-service for RHV 4.4 1764943 - Create Snapshot does not proceed beyond CreateVolume 1764959 - Apache is configured to offer TRACE method (security) 1765660 - CVE-2017-18635 novnc: XSS vulnerability via the messages propagated to the status field 1767319 - [RFE] forbid updating mac pool that contains ranges overlapping with any mac range in the system 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1768707 - Cannot set or update iscsi portal group tag when editing storage connection via API 1768844 - RHEL Advanced virtualization module streams support 1769463 - [Scale] Slow performance for api/clusters when many networks devices are present 1770237 - Cannot assign a vNIC profile for VM instance profile. 1771793 - VM Portal crashes in what appears to be a permission related problem. 1773313 - RHV Metric store installation fails with error: "You need to install \"jmespath\" prior to running json_query filter" 1777954 - VM Templates greater then 101 quantity are not listed/reported in RHV-M Webadmin UI. 1779580 - drop rhvm-doc package 1781001 - CVE-2019-19336 ovirt-engine: response_type parameter allows reflected XSS 1782236 - Windows Update (the drivers) enablement 1782279 - Warning message for low space is not received on Imported Storage domain 1782882 - qemu-kvm: kvm_init_vcpu failed: Function not implemented 1784049 - Rhel6 guest with cluster default q35 chipset causes kernel panic 1784385 - Still requiring rhvm-doc in rhvm-setup-plugins 1785750 - [RFE] Ability to change default VM action (Suspend) in the VM Portal. 1788424 - Importing a VM having direct LUN attached using virtio driver is failing with error "VirtIO-SCSI is disabled for the VM" 1796809 - Build apache-sshd for RHV 4.4 RHEL 8 1796811 - Remove bundled apache-sshd library 1796815 - Build snmp4j for RHV 4.4 RHEL 8 1796817 - Remove bundled snmp4j library 1797316 - Snapshot creation from VM fails on second snapshot and afterwords 1797500 - Add disk operation failed to complete. 1798114 - Build apache-commons-digester for RHV 4.4 RHEL 8 1798117 - Build apache-commons-configuration for RHV 4.4 RHEL 8 1798120 - Build apache-commons-jexl for RHV 4.4 RHEL 8 1798127 - Build apache-commons-collections4 for RHV 4.4 RHEL 8 1798137 - Build apache-commons-vfs for RHV 4.4 RHEL 8 1799171 - Build ws-commons-util for RHV 4.4 RHEL 8 1799204 - Build xmlrpc for RHV 4.4 RHEL 8 1801149 - CVE-2019-13990 libquartz: XXE attacks via job description 1801709 - Disable activation of the host while Enroll certificate flow is still in progress 1803597 - rhv-image-discrepancies should skip storage domains in maintenance mode and ISO/Export 1805669 - change requirement on rhvm package from spice-client-msi to spice-client-win 1806276 - [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine 1807047 - Build m2crypto for RHV 4.4 RHEL 8 1807860 - [RFE] Allow resource allocation options to be customized 1808096 - Uploading ISOs causes "Uncaught exception occurred. Please try reloading the page. Details: (TypeError) : a.n is null" 1808126 - host_service.install() does not work with deploy_hosted_engine as True. 1809040 - [CNV&RHV] let the user know that token is not valid anymore 1809052 - [CNV&RHV] ovirt-engine log file spammed by failed timers ( approx 3-5 messages/sec ) 1809875 - rhv-image-discrepancies only compares images on the last DC 1809877 - rhv-image-discrepancies sends dump-volume-chains with parameter that is ignored 1810893 - mountOptions is ignored for "import storage domain" from GUI 1811865 - [Scale] Host Monitoring generates excessive amount of qos related sql queries 1811869 - [Scale] Webadmin\REST for host interface list response time is too long because of excessive amount of qos related sql queries 1812875 - Unable to create VMs when french Language is selected for the rhvm gui. 1813305 - Engine updating SLA policies of VMs continuously in an environment which is not having any QOS configured 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1814197 - [CNV&RHV] when provider is remover DC is left behind and active 1814215 - [CNV&RHV] Adding new provider to engine fails after succesfull test 1816017 - Build log4j12 for RHV 4.4 EL8 1816643 - [CNV&RHV] VM created in CNV not visible in RHV 1816654 - [CNV&RHV] adding provider with already created vm failed 1816693 - [CNV&RHV] CNV VM failed to restart even if 1st dialog looks fine 1816739 - [CNV&RHV] CNV VM updated form CNV side doesn't update vm properties over on RHV side 1817467 - [Tracking] Migration path between RHV 4.3 and 4.4 1818745 - rhv-log-collector-analyzer 0.2.17 still requires pyhton2 1819201 - [CodeChange][i18n] oVirt 4.4 rhv branding - translation update 1819248 - Cannot upgrade host after engine setup 1819514 - Failed to register 4.4 host to the latest engine (4.4.0-0.29.master.el8ev) 1819960 - NPE on ImportVmTemplateFromConfigurationCommand when creating VM from ovf_data 1820621 - Build apache-commons-compress for RHV 4.4 EL8 1820638 - Build apache-commons-jxpath for RHV 4.4 EL8 1821164 - Failed snapshot creation can cause data corruption of other VMs 1821930 - Enable only TLSv1.2+ protocol for SPICE on EL7 hosts 1824095 - VM portal shows only error 1825793 - RHV branding is missing after upgrade from 4.3 1826248 - [4.4][ovirt-cockpit-sso] Compatibility issues with python3 1826437 - The console client resources page return HTTP code 500 1826801 - [CNV&RHV] update of memory on cnv side does not propagate to rhv 1826855 - [cnv&rhv] update of cpu on cnv side causing expetion in engine.log 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1828669 - After SPM select the engine lost communication to all hosts until restarted [improved logging] 1828736 - [CNV&RHV] cnv template is not propagated to rhv 1829189 - engine-setup httpd ssl configuration conflicts with Red Hat Insights 1829656 - Failed to register 4.3 host to 4.4 engine with 4.3 cluster (4.4.0-0.33.master.el8ev) 1829830 - vhost custom properties does not accept '-' 1832161 - rhv-log-collector-analyzer fails with UnicodeDecodeError on RHEL8 1834523 - Edit VM -> Enable Smartcard sharing does not stick when VM is running 1838493 - Live snapshot made with freeze in the engine will cause the FS to be frozen 1841495 - Upgrade openstack-java-sdk to 3.2.9 1842495 - high cpu usage after entering wrong search pattern in RHVM 1844270 - [vGPU] nodisplay option for mdev broken since mdev scheduling unit 1844855 - Missing images (favicon.ico, banner logo) and missing brand.css file on VM portal d/s installation 1845473 - Exporting an OVA file from a VM results in its ovf file having a format of RAW when the disk is COW 1847420 - CVE-2020-10775 ovirt-engine: Redirect to arbitrary URL allows for phishing 1850004 - CVE-2020-11023 jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution 1853444 - [CodeChange][i18n] oVirt 4.4 rhv branding - translation update (July-2020) 1854563 - [4.4 downstream only][RFE] Include a link to grafana on front page
- Package List:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:
Source: ansible-runner-1.4.5-1.el8ar.src.rpm ansible-runner-service-1.0.2-1.el8ev.src.rpm apache-commons-collections4-4.4-1.el8ev.src.rpm apache-commons-compress-1.18-1.el8ev.src.rpm apache-commons-configuration-1.10-1.el8ev.src.rpm apache-commons-jexl-2.1.1-1.el8ev.src.rpm apache-commons-jxpath-1.3-29.el8ev.src.rpm apache-commons-vfs-2.4.1-1.el8ev.src.rpm apache-sshd-2.5.1-1.el8ev.src.rpm ebay-cors-filter-1.0.1-4.el8ev.src.rpm ed25519-java-0.3.0-1.el8ev.src.rpm engine-db-query-1.6.1-1.el8ev.src.rpm java-client-kubevirt-0.5.0-1.el8ev.src.rpm log4j12-1.2.17-22.el8ev.src.rpm m2crypto-0.35.2-5.el8ev.src.rpm makeself-2.4.0-4.el8ev.src.rpm novnc-1.1.0-1.el8ost.src.rpm openstack-java-sdk-3.2.9-1.el8ev.src.rpm ovirt-cockpit-sso-0.1.4-1.el8ev.src.rpm ovirt-engine-4.4.1.8-0.7.el8ev.src.rpm ovirt-engine-api-explorer-0.0.6-1.el8ev.src.rpm ovirt-engine-dwh-4.4.1.2-1.el8ev.src.rpm ovirt-engine-extension-aaa-jdbc-1.2.0-1.el8ev.src.rpm ovirt-engine-extension-aaa-ldap-1.4.0-1.el8ev.src.rpm ovirt-engine-extension-aaa-misc-1.1.0-1.el8ev.src.rpm ovirt-engine-extension-logger-log4j-1.1.0-1.el8ev.src.rpm ovirt-engine-extensions-api-1.0.1-1.el8ev.src.rpm ovirt-engine-metrics-1.4.1.1-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.2.2-1.el8ev.src.rpm ovirt-fast-forward-upgrade-1.1.6-0.el8ev.src.rpm ovirt-log-collector-4.4.2-1.el8ev.src.rpm ovirt-scheduler-proxy-0.1.9-1.el8ev.src.rpm ovirt-web-ui-1.6.3-1.el8ev.src.rpm python-aniso8601-0.82-4.el8ost.src.rpm python-flask-1.0.2-2.el8ost.src.rpm python-flask-restful-0.3.6-8.el8ost.src.rpm python-netaddr-0.7.19-8.1.el8ost.src.rpm python-notario-0.0.16-2.el8cp.src.rpm python-ovsdbapp-0.17.1-0.20191216120142.206cf14.el8ost.src.rpm python-pbr-5.1.2-2.el8ost.src.rpm python-six-1.12.0-1.el8ost.src.rpm python-websocket-client-0.54.0-1.el8ost.src.rpm python-werkzeug-0.16.0-1.el8ost.src.rpm rhv-log-collector-analyzer-1.0.2-1.el8ev.src.rpm rhvm-branding-rhv-4.4.4-1.el8ev.src.rpm rhvm-dependencies-4.4.0-1.el8ev.src.rpm rhvm-setup-plugins-4.4.2-1.el8ev.src.rpm snmp4j-2.4.1-1.el8ev.src.rpm unboundid-ldapsdk-4.0.14-1.el8ev.src.rpm vdsm-jsonrpc-java-1.5.4-1.el8ev.src.rpm ws-commons-util-1.0.2-1.el8ev.src.rpm xmlrpc-3.1.3-1.el8ev.src.rpm
noarch: ansible-runner-1.4.5-1.el8ar.noarch.rpm ansible-runner-service-1.0.2-1.el8ev.noarch.rpm apache-commons-collections4-4.4-1.el8ev.noarch.rpm apache-commons-collections4-javadoc-4.4-1.el8ev.noarch.rpm apache-commons-compress-1.18-1.el8ev.noarch.rpm apache-commons-compress-javadoc-1.18-1.el8ev.noarch.rpm apache-commons-configuration-1.10-1.el8ev.noarch.rpm apache-commons-jexl-2.1.1-1.el8ev.noarch.rpm apache-commons-jexl-javadoc-2.1.1-1.el8ev.noarch.rpm apache-commons-jxpath-1.3-29.el8ev.noarch.rpm apache-commons-jxpath-javadoc-1.3-29.el8ev.noarch.rpm apache-commons-vfs-2.4.1-1.el8ev.noarch.rpm apache-commons-vfs-ant-2.4.1-1.el8ev.noarch.rpm apache-commons-vfs-examples-2.4.1-1.el8ev.noarch.rpm apache-commons-vfs-javadoc-2.4.1-1.el8ev.noarch.rpm apache-sshd-2.5.1-1.el8ev.noarch.rpm apache-sshd-javadoc-2.5.1-1.el8ev.noarch.rpm ebay-cors-filter-1.0.1-4.el8ev.noarch.rpm ed25519-java-0.3.0-1.el8ev.noarch.rpm ed25519-java-javadoc-0.3.0-1.el8ev.noarch.rpm engine-db-query-1.6.1-1.el8ev.noarch.rpm java-client-kubevirt-0.5.0-1.el8ev.noarch.rpm log4j12-1.2.17-22.el8ev.noarch.rpm log4j12-javadoc-1.2.17-22.el8ev.noarch.rpm makeself-2.4.0-4.el8ev.noarch.rpm novnc-1.1.0-1.el8ost.noarch.rpm openstack-java-ceilometer-client-3.2.9-1.el8ev.noarch.rpm openstack-java-ceilometer-model-3.2.9-1.el8ev.noarch.rpm openstack-java-cinder-client-3.2.9-1.el8ev.noarch.rpm openstack-java-cinder-model-3.2.9-1.el8ev.noarch.rpm openstack-java-client-3.2.9-1.el8ev.noarch.rpm openstack-java-glance-client-3.2.9-1.el8ev.noarch.rpm openstack-java-glance-model-3.2.9-1.el8ev.noarch.rpm openstack-java-heat-client-3.2.9-1.el8ev.noarch.rpm openstack-java-heat-model-3.2.9-1.el8ev.noarch.rpm openstack-java-javadoc-3.2.9-1.el8ev.noarch.rpm openstack-java-keystone-client-3.2.9-1.el8ev.noarch.rpm openstack-java-keystone-model-3.2.9-1.el8ev.noarch.rpm openstack-java-nova-client-3.2.9-1.el8ev.noarch.rpm openstack-java-nova-model-3.2.9-1.el8ev.noarch.rpm openstack-java-quantum-client-3.2.9-1.el8ev.noarch.rpm openstack-java-quantum-model-3.2.9-1.el8ev.noarch.rpm openstack-java-resteasy-connector-3.2.9-1.el8ev.noarch.rpm openstack-java-swift-client-3.2.9-1.el8ev.noarch.rpm openstack-java-swift-model-3.2.9-1.el8ev.noarch.rpm ovirt-cockpit-sso-0.1.4-1.el8ev.noarch.rpm ovirt-engine-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-api-explorer-0.0.6-1.el8ev.noarch.rpm ovirt-engine-backend-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-dbscripts-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-dwh-4.4.1.2-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.4.1.2-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.4.1.2-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-jdbc-1.2.0-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-1.4.0-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-setup-1.4.0-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-misc-1.1.0-1.el8ev.noarch.rpm ovirt-engine-extension-logger-log4j-1.1.0-1.el8ev.noarch.rpm ovirt-engine-extensions-api-1.0.1-1.el8ev.noarch.rpm ovirt-engine-extensions-api-javadoc-1.0.1-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-metrics-1.4.1.1-1.el8ev.noarch.rpm ovirt-engine-restapi-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-base-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-tools-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-tools-backup-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.2.2-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-fast-forward-upgrade-1.1.6-0.el8ev.noarch.rpm ovirt-log-collector-4.4.2-1.el8ev.noarch.rpm ovirt-scheduler-proxy-0.1.9-1.el8ev.noarch.rpm ovirt-web-ui-1.6.3-1.el8ev.noarch.rpm python-flask-doc-1.0.2-2.el8ost.noarch.rpm python2-netaddr-0.7.19-8.1.el8ost.noarch.rpm python2-pbr-5.1.2-2.el8ost.noarch.rpm python2-six-1.12.0-1.el8ost.noarch.rpm python3-aniso8601-0.82-4.el8ost.noarch.rpm python3-ansible-runner-1.4.5-1.el8ar.noarch.rpm python3-flask-1.0.2-2.el8ost.noarch.rpm python3-flask-restful-0.3.6-8.el8ost.noarch.rpm python3-netaddr-0.7.19-8.1.el8ost.noarch.rpm python3-notario-0.0.16-2.el8cp.noarch.rpm python3-ovirt-engine-lib-4.4.1.8-0.7.el8ev.noarch.rpm python3-ovsdbapp-0.17.1-0.20191216120142.206cf14.el8ost.noarch.rpm python3-pbr-5.1.2-2.el8ost.noarch.rpm python3-six-1.12.0-1.el8ost.noarch.rpm python3-websocket-client-0.54.0-1.el8ost.noarch.rpm python3-werkzeug-0.16.0-1.el8ost.noarch.rpm python3-werkzeug-doc-0.16.0-1.el8ost.noarch.rpm rhv-log-collector-analyzer-1.0.2-1.el8ev.noarch.rpm rhvm-4.4.1.8-0.7.el8ev.noarch.rpm rhvm-branding-rhv-4.4.4-1.el8ev.noarch.rpm rhvm-dependencies-4.4.0-1.el8ev.noarch.rpm rhvm-setup-plugins-4.4.2-1.el8ev.noarch.rpm snmp4j-2.4.1-1.el8ev.noarch.rpm snmp4j-javadoc-2.4.1-1.el8ev.noarch.rpm unboundid-ldapsdk-4.0.14-1.el8ev.noarch.rpm unboundid-ldapsdk-javadoc-4.0.14-1.el8ev.noarch.rpm vdsm-jsonrpc-java-1.5.4-1.el8ev.noarch.rpm ws-commons-util-1.0.2-1.el8ev.noarch.rpm ws-commons-util-javadoc-1.0.2-1.el8ev.noarch.rpm xmlrpc-client-3.1.3-1.el8ev.noarch.rpm xmlrpc-common-3.1.3-1.el8ev.noarch.rpm xmlrpc-javadoc-3.1.3-1.el8ev.noarch.rpm xmlrpc-server-3.1.3-1.el8ev.noarch.rpm
x86_64: m2crypto-debugsource-0.35.2-5.el8ev.x86_64.rpm python3-m2crypto-0.35.2-5.el8ev.x86_64.rpm python3-m2crypto-debuginfo-0.35.2-5.el8ev.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-18635 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-10086 https://access.redhat.com/security/cve/CVE-2019-13990 https://access.redhat.com/security/cve/CVE-2019-17195 https://access.redhat.com/security/cve/CVE-2019-19336 https://access.redhat.com/security/cve/CVE-2020-7598 https://access.redhat.com/security/cve/CVE-2020-10775 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html-single/technical_notes
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXylir9zjgjWX9erEAQii/A//bJm3u0+ul+LdQwttSJJ79OdVqcp3FktP tdPj8AFbB6F9KkuX9FAQja0/2pgZAldB3Eyz57GYTxyDD1qeMqYSayGHCH01GWAn u8uF90lcSz6YvgEPDh1mWhLYQMfdWT6IUuKOEHldt8TyHbc7dX3xCbsLDzNCxGbl QuPSFPQBJaAXETSw42NGzdUzaM9zoQ0Mngj+Owcgw53YyBy3BSLAb5bKuijvkcLy SVCAxxiQ89E+cnETKYIv4dOfqXGA5wLg68hDmUQyFcXHA9nQbJM9Q0s1fbZ2Wav1 oGGTqJDTgVElxrHB5pYJ6pu484ZgJealkBCrHA2OBsMJUadwitVvQLXFZF5OyN0N f/vtZ1ua4mZADa61qfnlmVRiyISwmPPWIOImA3TIE5Q8Yl5ucCqtDjQPoJAbXsUl Y22Bb5x7JyrN0nyOgwh6BGGK51CmOaP+xNuWD7osI24pnzdmPTZuJrZLePxgPgac WWQNznzvokknva2ofvujAm+DEl+W7W3A8Vs9wkmUWYlaVC7GFLEkcvQjjHahZ7kh dVJNoh70vpA+aJCMQHYK6MGtCSAWoqXkRTsHb3Stfm2vLLz6GYxY5OuvB7Z0ME1N zCiFjBla5+3nKx5ab8Pola56T1wRULHL6zYN9GTsOzxjdJsKHXBVeV8OYcnoHiza 2TrKn2dtZwI= =92Q3 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
See the following documentation, which will be updated shortly for release 3.11.219, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html
This update is available via the Red Hat Network. Bugs fixed (https://bugzilla.redhat.com/):
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
- You can also manage user accounts for web applications, mobile applications, and RESTful web services. Description:
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
Security Fix(es):
-
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
-
jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
-
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
-
jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
bootstrap: XSS in the data-target attribute (CVE-2016-10735)
-
bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
-
sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
-
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
-
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
-
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
-
nodejs-moment: Regular expression denial of service (CVE-2017-18214)
-
wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
-
jackson-databind: use of deeply nested arrays (CVE-2022-42004)
-
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
-
jettison: parser crash by stackoverflow (CVE-2022-40149)
-
jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
-
jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
-
CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
-
JIRA issues fixed (https://issues.jboss.org/):
JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - GSS Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - GSS Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - GSS Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - GSS Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - GSS Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001
7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2191",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "insurance data foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6-8.1.0"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2.1"
},
{
"model": "communications eagle application processor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1.0"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "max data",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "policy automation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.20"
},
{
"model": "financial services data foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "financial services data foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "oncommand system manager",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.1.3"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.6"
},
{
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.8m0"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "communications diameter signaling router idih\\:",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "banking digital experience",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "jquery",
"scope": "gte",
"trust": 1.0,
"vendor": "jquery",
"version": "1.2"
},
{
"model": "hospitality materials control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.1.0"
},
{
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.8"
},
{
"model": "policy automation for mobile devices",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.20"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "7.70"
},
{
"model": "financial services analytical applications reconciliation framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "jquery",
"scope": "lt",
"trust": 1.0,
"vendor": "jquery",
"version": "3.5.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "communications eagle application processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.4.0"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.0.0"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"model": "hospitality simphony",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "banking digital experience",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.0.0"
},
{
"model": "financial services analytical applications reconciliation framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services basel regulatory capital basic",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "blockchain platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.0"
},
{
"model": "policy automation for mobile devices",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "financial services data governance for us regulatory reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hospitality simphony",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "financial services liquidity risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "insurance allocation manager for enterprise profitability",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "financial services basel regulatory capital basic",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "financial services analytical applications reconciliation framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "communications diameter signaling router idih\\:",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services basel regulatory capital internal ratings based approach",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "financial services balance sheet planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.0"
},
{
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "hospitality simphony",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.2"
},
{
"model": "insurance accounting analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "agile product supplier collaboration for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services basel regulatory capital basic",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "financial services regulatory reporting for us federal reserve",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"model": "financial services regulatory reporting for european banking authority",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "hospitality simphony",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0-19.1.2"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0.0.0"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.14"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "financial services liquidity risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services regulatory reporting for european banking authority",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "hospitality simphony",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "financial services basel regulatory capital internal ratings based approach",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "financial services data governance for us regulatory reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "oncommand system manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.0"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "policy automation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1.1"
},
{
"model": "insurance data foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "insurance data foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "financial services liquidity risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "financial services regulatory reporting for us federal reserve",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "insurance allocation manager for enterprise profitability",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "7.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services basel regulatory capital internal ratings based approach",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.0",
"versionStartIncluding": "1.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.70",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.14",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.8.6",
"versionStartIncluding": "8.8.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.0.0.0",
"versionStartIncluding": "8.0.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.1.2",
"versionStartIncluding": "19.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.20",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.0.0",
"versionStartIncluding": "5.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.20",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.4.0",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.20",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.0.0",
"versionStartIncluding": "5.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.20",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.1",
"versionStartIncluding": "18.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "158750"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171211"
},
{
"db": "PACKETSTORM",
"id": "170819"
}
],
"trust": 0.7
},
"cve": "CVE-2020-11022",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-163559",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-11022",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2020-11022",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2429",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-163559",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:3247-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3247\nIssue date: 2020-08-04\nCVE Names: CVE-2017-18635 CVE-2019-8331 CVE-2019-10086 \n CVE-2019-13990 CVE-2019-17195 CVE-2019-19336 \n CVE-2020-7598 CVE-2020-10775 CVE-2020-11022 \n CVE-2020-11023 \n=====================================================================\n\n1. Summary:\n\nUpdated ovirt-engine packages that fix several bugs and add various\nenhancements are now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch, x86_64\n\n3. Description:\n\nThe ovirt-engine package provides the Red Hat Virtualization Manager, a\ncentralized management platform that allows system administrators to view\nand manage virtual machines. The Manager provides a comprehensive range of\nfeatures including search capabilities, resource management, live\nmigrations, and virtual infrastructure provisioning. \n\nThe Manager is a JBoss Application Server application that provides several\ninterfaces through which the virtual environment can be accessed and\ninteracted with, including an Administration Portal, a VM Portal, and a\nRepresentational State Transfer (REST) Application Programming Interface\n(API). \n\nA list of bugs fixed in this update is available in the Technical Notes\nbook:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht\nml-single/technical_notes\n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* libquartz: XXE attacks via job description (CVE-2019-13990)\n\n* novnc: XSS vulnerability via the messages propagated to the status field\n(CVE-2017-18635)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nimbus-jose-jwt: Uncaught exceptions while parsing a JWT (CVE-2019-17195)\n\n* ovirt-engine: response_type parameter allows reflected XSS\n(CVE-2019-19336)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* ovirt-engine: Redirect to arbitrary URL allows for phishing\n(CVE-2020-10775)\n\n* Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1080097 - [RFE] Allow editing disks details in the Disks tab\n1325468 - [RFE] Autostart of VMs that are down (with Engine assistance - Engine has to be up)\n1358501 - [RFE] multihost network change - notify when done\n1427717 - [RFE] Create and/or select affinity group upon VM creation. \n1475774 - RHV-M requesting four GetDeviceListVDSCommand when editing storage domain\n1507438 - not able to deploy new rhvh host when \"/tmp\" is mounted with \"noexec\" option\n1523835 - Hosted-Engine: memory hotplug does not work for engine vm\n1527843 - [Tracker] Q35 chipset support (with seabios)\n1529042 - [RFE] Changing of Cluster CPU Type does not trigger config update notification\n1535796 - Undeployment of HE is not graceful\n1546838 - [RFE] Refuse to deploy on localhost.localdomain\n1547937 - [RFE] Live Storage Migration progress bar. \n1585986 - [HE] When lowering the cluster compatibility, we need to force update the HE storage OVF store to ensure it can start up (migration will not work). \n1593800 - [RFE] forbid new mac pools with overlapping ranges\n1596178 - inconsistent display between automatic and manual Pool Type\n1600059 - [RFE] Add by default a storage lease to HA VMs\n1610212 - After updating to RHV 4.1 while trying to edit the disk, getting error \"Cannot edit Virtual Disk. Cannot edit Virtual Disk. Disk extension combined with disk compat version update isn\u0027t supported. Please perform the updates separately.\"\n1611395 - Unable to list Compute Templates in RHV 4.2 from Satellite 6.3.2\n1616451 - [UI] add a tooltip to explain the supported matrix for the combination of disk allocation policies, formats and the combination result\n1637172 - Live Merge hung in the volume deletion phase, leaving snapshot in a LOCKED state\n1640908 - Javascript Error popup when Managing StorageDomain with LUNs and 400+ paths\n1642273 - [UI] - left nav border highlight missing in RHV\n1647440 - [RFE][UI] Provide information about the VM next run\n1648345 - Jobs are not properly cleaned after a failed task. \n1650417 - HA is broken for VMs having disks in NFS storage domain because of Qemu OFD locking\n1650505 - Increase of ClusterCompatibilityVersion to Cluster with virtual machines with outstanding configuration changes, those changes will be reverted\n1651406 - [RFE] Allow Maintenance of Host with Enforcing VM Affinity Rules (hard affinity)\n1651939 - a new size of the direct LUN not updated in Admin Portal\n1654069 - [Downstream Clone] [UI] - grids bottom scrollbar hides bottom row\n1654889 - [RFE] Support console VNC for mediated devices\n1656621 - Importing VM OVA always enables \u0027Cloud-Init/Sysprep\u0027\n1658101 - [RESTAPI] Adding ISO disables serial console\n1659161 - Unable to edit pool that is delete protected\n1660071 - Regression in Migration of VM that starts in pause mode: took 11 hours\n1660644 - Concurrent LSMs of the same disk can be issued via the REST-API\n1663366 - USB selection option disabled even though USB support is enabled in RHV-4.2\n1664479 - Third VM fails to get migrated when host is placed into maintenance mode\n1666913 - [UI] warn users about different \"Vdsm Name\" when creating network with a fancy char or long name\n1670102 - [CinderLib] - openstack-cinder and cinderlib packages are not installed on ovirt-engine machine\n1671876 - \"Bond Active Slave\" parameter on RHV-M GUI shows an incorrect until Refresh Caps\n1679039 - Unable to upload image through Storage-\u003eDomain-\u003eDisk because of wrong DC\n1679110 - [RFE] change Admin Portal toast notifications location\n1679471 - [ja, de, es, fr, pt_BR] The console client resources page shows truncated title for some locales\n1679730 - Warn about host IP addresses outside range\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1686650 - Memory snapshots\u0027 deletion logging unnecessary WARNINGS in engine.log\n1687345 - Snapshot with memory volumes can fail if the memory dump takes more than 180 seconds\n1690026 - [RFE] - Creating an NFS storage domain the engine should let the user specify exact NFS version v4.0 and not just v4\n1690155 - Disk migration progress bar not clearly visible and unusable. \n1690475 - When a live storage migration fails, the auto generated snapshot does not get removed\n1691562 - Cluster level changes are not increasing VMs generation numbers and so a new OVF_STORE content is not copied to the shared storage\n1692592 - \"\ufffcEnable menu to select boot device shows 10 device listed with cdrom at 10th slot but when selecting 10 option the VM took 1 as option and boot with disk\n1693628 - Engine generates too many updates to vm_dynamic table due to the session change\n1693813 - Do not change DC level if there are VMs running/paused with older CL. \n1695026 - Failure in creating snapshots during \"Live Storage Migration\" can result in a nonexistent snapshot\n1695635 - [RFE] Improve Host Drop-down menu in different Dialogs (i.e. Alphabetical sort of Hosts in Remove|New StorageDomains)\n1696245 - [RFE] Allow full customization while cloning a VM\n1696669 - Build bouncycastle for RHV 4.4 RHEL 8\n1696676 - Build ebay-cors-filter for RHV 4.4 RHEL 8\n1698009 - Build openstack-java-sdk for RHV 4.4 RHEL 8\n1698102 - Print a warning message to engine-setup, which highlights that other clusters than the Default one are not modified to use ovirt-provider-ovn as the default network provider\n1700021 - [RFE] engine-setup should warn and prompt if ca.pem is missing but other generated pki files exist\n1700036 - [RFE] Add RedFish API for host power management for RHEV\n1700319 - VM is going to pause state with \"storage I/O error\". \n1700338 - [RFE] Alternate method to configure the email Event Notifier for a user in RHV through API (instead of RHV GUI)\n1700725 - [scale] RHV-M runs out of memory due to to much data reported by the guest agent\n1700867 - Build makeself for RHV 4.4 RHEL 8\n1701476 - Build unboundid-ldapsdk for RHV 4.4 RHEL 8\n1701491 - Build RHV-M 4.4 - RHEL 8\n1701522 - Build ovirt-imageio-proxy for RHV 4.4 / RHEL 8\n1701528 - Build / Tag python-ovsdbapp for RHV 4.4 RHEL 8\n1701530 - Build / Tag ovirt-cockpit-sso for RHV 4.4 RHEL 8\n1701531 - Build / Tag ovirt-engine-api-explorer for RHV 4.4 RHEL 8\n1701533 - Build / Tag ovirt-engine-dwh for RHV 4.4 / RHEL 8\n1701538 - Build / Tag vdsm-jsonrpc-java for RHV 4.4 RHEL 8\n1701544 - Build rhvm-dependencies for RHV 4.4 RHEL 8\n1702310 - Build / Tag ovirt-engine-ui-extensions for RHV 4.4 RHEL 8\n1702312 - Build ovirt-log-collector for RHV 4.4 RHEL 8\n1703112 - PCI address of NICs are not stored in the database after a hotplug of passthrough NIC resulting in change of network device name in VM after a reboot\n1703428 - VMs migrated from KVM to RHV show warning \u0027The latest guest agent needs to be installed and running on the guest\u0027\n1707225 - [cinderlib] Cinderlib DB is missing a backup and restore option\n1708624 - Build rhvm-setup-plugins for RHV 4.4 - RHEL 8\n1710491 - No EVENT_ID is generated in /var/log/ovirt-engine/engine.log when VM is rebooted from OS level itself. \n1711006 - Metrics installation fails during the execution of playbook ovirt-metrics-store-installation if the environment is not having DHCP\n1712255 - Drop 4.1 datacenter/cluster level\n1712746 - [RFE] Ignition support for ovirt vms\n1712890 - engine-setup should check for snapshots in unsupported CL\n1714528 - Missing IDs on cluster upgrade buttons\n1714633 - Using more than one asterisk in the search string is not working when searching for users. \n1714834 - Cannot disable SCSI passthrough using API\n1715725 - Sending credentials in query string logs them in ovirt-request-logs\n1716590 - [RFE][UX] Make Cluster-wide \"Custom serial number policy\" value visible at VM level\n1718818 - [RFE] Enhance local disk passthrough\n1720686 - Tag ovirt-scheduler-proxy for RHV 4.4 RHEL 8\n1720694 - Build ovirt-engine-extension-aaa-jdbc for RHV 4.4 RHEL 8\n1720795 - New guest tools are available mark in case of guest tool located on Data Domain\n1724959 - RHV recommends reporting issues to GitHub rather than access.redhat.com (ovirt-\u003eRHV rebrand glitch?)\n1727025 - NPE in DestroyImage endAction during live merge leaving a task in DB for hours causing operations depending on host clean tasks to fail as Deactivate host/StopSPM/deactivate SD\n1728472 - Engine reports network out of sync due to ipv6 default gateway via ND RA on a non default route network. \n1729511 - engine-setup fails to upgrade to 4.3 with Unicode characters in CA subject\n1729811 - [scale] updatevmdynamic broken if too many users logged in - psql ERROR: value too long for type character varying(255)\n1730264 - VMs will fail to start if the vnic profile attached is having port mirroring enabled and have name greater than 15 characters\n1730436 - Snapshot creation was successful, but snapshot remains locked\n1731212 - RHV 4.4 landing page does not show login or allow scrolling. \n1731590 - Cannot preview snapshot, it fails and VM remains locked. \n1733031 - [RFE] Add warning when importing data domains to newer DC that may trigger SD format upgrade\n1733529 - Consume python-ovsdbapp dependencies from OSP in RHEL 8 RHV 4.4\n1733843 - Export to OVA fails if VM is running on the Host doing the export\n1734839 - Unable to start guests in our Power9 cluster without running in headless mode. \n1737234 - Attach a non-existent ISO to vm by the API return 201 and marks the Attach CD checkbox as ON\n1737684 - Engine deletes the leaf volume when SnapshotVDSCommand timed out without checking if the volume is still used by the VM\n1740978 - [RFE] Warn or Block importing VMs/Templates from unsupported compatibility levels. \n1741102 - host activation causes RHHI nodes to lose the quorum\n1741271 - Move/Copy disk are blocked if there is less space in source SD than the size of the disk\n1741625 - VM fails to be re-started with error: Failed to acquire lock: No space left on device\n1743690 - Commit and Undo buttons active when no snapshot selected\n1744557 - RHV 4.3 throws an exception when trying to access VMs which have snapshots from unsupported compatibility levels\n1745384 - [IPv6 Static] Engine should allow updating network\u0027s static ipv6gateway\n1745504 - Tag rhv-log-collector-analyzer for RHV 4.4 RHEL 8\n1746272 - [BREW BUILD ENABLER] Build the oVirt Ansible roles for RHV 4.4.0\n1746430 - [Rebase] Rebase v2v-conversion-host for RHV 4.4 Engine\n1746877 - [Metrics] Rebase bug - for the 4.4 release on EL8\n1747772 - Extra white space at the top of webadmin dialogs\n1749284 - Change the Snapshot operation to be asynchronous\n1749944 - teardownImage attempts to deactivate in-use LV\u0027s rendering the VM disk image/volumes in locked state. \n1750212 - MERGE_STATUS fails with \u0027Invalid UUID string: mapper\u0027 when Direct LUN that already exists is hot-plugged\n1750348 - [Tracking] rhvm-branding-rhv for RHV 4.4\n1750357 - [Tracking] ovirt-web-ui for RHV 4.4\n1750371 - [Tracking] ovirt-engine-ui-extensions for RHV 4.4\n1750482 - From VM Portal, users cannot create Operating System Windows VM. \n1751215 - Unable to change Graphical Console of HE VM. \n1751268 - add links to Insights to landing page\n1751423 - Improve description of shared memory statistics and remove unimplemented memory metrics from API\n1752890 - Build / Tag ovirt-engine-extension-aaa-ldap for RHV 4.4 RHEL 8\n1752995 - [RFE] Need to be able to set default console option\n1753629 - Build / Tag ovirt-engine-extension-aaa-misc for RHV 4.4 RHEL 8\n1753661 - Build / Tag ovirt-engine-extension-logger-log4j got RHV 4.4 / RHEl 8\n1753664 - Build ovirt-fast-forward-upgrade for RHV 4.4 /RHEL 8 support\n1754363 - [Scale] Engine generates excessive amount of dns configuration related sql queries\n1754490 - RHV Manager cannot start on EAP 7.2.4\n1755412 - Setting \"oreg_url: registry.redhat.io\" fails with error\n1758048 - clone(as thin) VM from template or create snapshot fails with \u0027Requested capacity 1073741824 \u003c parent capacity 3221225472 (volume:1211)\u0027\n1758289 - [Warn] Duplicate chassis entries in southbound database if the host is down while removing the host from Manager\n1762281 - Import of OVA created from template fails with java.lang.NullPointerException\n1763992 - [RFE] Show \"Open Console\" as the main option in the VM actions menu\n1764289 - Document details how each fence agent can be configured in RESTAPI\n1764791 - CVE-2019-17195 nimbus-jose-jwt: Uncaught exceptions while parsing a JWT\n1764932 - [BREW BUILD ENABLER] Build the ansible-runner-service for RHV 4.4\n1764943 - Create Snapshot does not proceed beyond CreateVolume\n1764959 - Apache is configured to offer TRACE method (security)\n1765660 - CVE-2017-18635 novnc: XSS vulnerability via the messages propagated to the status field\n1767319 - [RFE] forbid updating mac pool that contains ranges overlapping with any mac range in the system\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1768707 - Cannot set or update iscsi portal group tag when editing storage connection via API\n1768844 - RHEL Advanced virtualization module streams support\n1769463 - [Scale] Slow performance for api/clusters when many networks devices are present\n1770237 - Cannot assign a vNIC profile for VM instance profile. \n1771793 - VM Portal crashes in what appears to be a permission related problem. \n1773313 - RHV Metric store installation fails with error: \"You need to install \\\"jmespath\\\" prior to running json_query filter\"\n1777954 - VM Templates greater then 101 quantity are not listed/reported in RHV-M Webadmin UI. \n1779580 - drop rhvm-doc package\n1781001 - CVE-2019-19336 ovirt-engine: response_type parameter allows reflected XSS\n1782236 - Windows Update (the drivers) enablement\n1782279 - Warning message for low space is not received on Imported Storage domain\n1782882 - qemu-kvm: kvm_init_vcpu failed: Function not implemented\n1784049 - Rhel6 guest with cluster default q35 chipset causes kernel panic\n1784385 - Still requiring rhvm-doc in rhvm-setup-plugins\n1785750 - [RFE] Ability to change default VM action (Suspend) in the VM Portal. \n1788424 - Importing a VM having direct LUN attached using virtio driver is failing with error \"VirtIO-SCSI is disabled for the VM\"\n1796809 - Build apache-sshd for RHV 4.4 RHEL 8\n1796811 - Remove bundled apache-sshd library\n1796815 - Build snmp4j for RHV 4.4 RHEL 8\n1796817 - Remove bundled snmp4j library\n1797316 - Snapshot creation from VM fails on second snapshot and afterwords\n1797500 - Add disk operation failed to complete. \n1798114 - Build apache-commons-digester for RHV 4.4 RHEL 8\n1798117 - Build apache-commons-configuration for RHV 4.4 RHEL 8\n1798120 - Build apache-commons-jexl for RHV 4.4 RHEL 8\n1798127 - Build apache-commons-collections4 for RHV 4.4 RHEL 8\n1798137 - Build apache-commons-vfs for RHV 4.4 RHEL 8\n1799171 - Build ws-commons-util for RHV 4.4 RHEL 8\n1799204 - Build xmlrpc for RHV 4.4 RHEL 8\n1801149 - CVE-2019-13990 libquartz: XXE attacks via job description\n1801709 - Disable activation of the host while Enroll certificate flow is still in progress\n1803597 - rhv-image-discrepancies should skip storage domains in maintenance mode and ISO/Export\n1805669 - change requirement on rhvm package from spice-client-msi to spice-client-win\n1806276 - [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine\n1807047 - Build m2crypto for RHV 4.4 RHEL 8\n1807860 - [RFE] Allow resource allocation options to be customized\n1808096 - Uploading ISOs causes \"Uncaught exception occurred. Please try reloading the page. Details: (TypeError) : a.n is null\"\n1808126 - host_service.install() does not work with deploy_hosted_engine as True. \n1809040 - [CNV\u0026RHV] let the user know that token is not valid anymore\n1809052 - [CNV\u0026RHV] ovirt-engine log file spammed by failed timers ( approx 3-5 messages/sec )\n1809875 - rhv-image-discrepancies only compares images on the last DC\n1809877 - rhv-image-discrepancies sends dump-volume-chains with parameter that is ignored\n1810893 - mountOptions is ignored for \"import storage domain\" from GUI\n1811865 - [Scale] Host Monitoring generates excessive amount of qos related sql queries\n1811869 - [Scale] Webadmin\\REST for host interface list response time is too long because of excessive amount of qos related sql queries\n1812875 - Unable to create VMs when french Language is selected for the rhvm gui. \n1813305 - Engine updating SLA policies of VMs continuously in an environment which is not having any QOS configured\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1814197 - [CNV\u0026RHV] when provider is remover DC is left behind and active\n1814215 - [CNV\u0026RHV] Adding new provider to engine fails after succesfull test\n1816017 - Build log4j12 for RHV 4.4 EL8\n1816643 - [CNV\u0026RHV] VM created in CNV not visible in RHV\n1816654 - [CNV\u0026RHV] adding provider with already created vm failed\n1816693 - [CNV\u0026RHV] CNV VM failed to restart even if 1st dialog looks fine\n1816739 - [CNV\u0026RHV] CNV VM updated form CNV side doesn\u0027t update vm properties over on RHV side\n1817467 - [Tracking] Migration path between RHV 4.3 and 4.4\n1818745 - rhv-log-collector-analyzer 0.2.17 still requires pyhton2\n1819201 - [CodeChange][i18n] oVirt 4.4 rhv branding - translation update\n1819248 - Cannot upgrade host after engine setup\n1819514 - Failed to register 4.4 host to the latest engine (4.4.0-0.29.master.el8ev)\n1819960 - NPE on ImportVmTemplateFromConfigurationCommand when creating VM from ovf_data\n1820621 - Build apache-commons-compress for RHV 4.4 EL8\n1820638 - Build apache-commons-jxpath for RHV 4.4 EL8\n1821164 - Failed snapshot creation can cause data corruption of other VMs\n1821930 - Enable only TLSv1.2+ protocol for SPICE on EL7 hosts\n1824095 - VM portal shows only error\n1825793 - RHV branding is missing after upgrade from 4.3\n1826248 - [4.4][ovirt-cockpit-sso] Compatibility issues with python3\n1826437 - The console client resources page return HTTP code 500\n1826801 - [CNV\u0026RHV] update of memory on cnv side does not propagate to rhv\n1826855 - [cnv\u0026rhv] update of cpu on cnv side causing expetion in engine.log\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1828669 - After SPM select the engine lost communication to all hosts until restarted [improved logging]\n1828736 - [CNV\u0026RHV] cnv template is not propagated to rhv\n1829189 - engine-setup httpd ssl configuration conflicts with Red Hat Insights\n1829656 - Failed to register 4.3 host to 4.4 engine with 4.3 cluster (4.4.0-0.33.master.el8ev)\n1829830 - vhost custom properties does not accept \u0027-\u0027\n1832161 - rhv-log-collector-analyzer fails with UnicodeDecodeError on RHEL8\n1834523 - Edit VM -\u003e Enable Smartcard sharing does not stick when VM is running\n1838493 - Live snapshot made with freeze in the engine will cause the FS to be frozen\n1841495 - Upgrade openstack-java-sdk to 3.2.9\n1842495 - high cpu usage after entering wrong search pattern in RHVM\n1844270 - [vGPU] nodisplay option for mdev broken since mdev scheduling unit\n1844855 - Missing images (favicon.ico, banner logo) and missing brand.css file on VM portal d/s installation\n1845473 - Exporting an OVA file from a VM results in its ovf file having a format of RAW when the disk is COW\n1847420 - CVE-2020-10775 ovirt-engine: Redirect to arbitrary URL allows for phishing\n1850004 - CVE-2020-11023 jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1853444 - [CodeChange][i18n] oVirt 4.4 rhv branding - translation update (July-2020)\n1854563 - [4.4 downstream only][RFE] Include a link to grafana on front page\n\n6. Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\nansible-runner-1.4.5-1.el8ar.src.rpm\nansible-runner-service-1.0.2-1.el8ev.src.rpm\napache-commons-collections4-4.4-1.el8ev.src.rpm\napache-commons-compress-1.18-1.el8ev.src.rpm\napache-commons-configuration-1.10-1.el8ev.src.rpm\napache-commons-jexl-2.1.1-1.el8ev.src.rpm\napache-commons-jxpath-1.3-29.el8ev.src.rpm\napache-commons-vfs-2.4.1-1.el8ev.src.rpm\napache-sshd-2.5.1-1.el8ev.src.rpm\nebay-cors-filter-1.0.1-4.el8ev.src.rpm\ned25519-java-0.3.0-1.el8ev.src.rpm\nengine-db-query-1.6.1-1.el8ev.src.rpm\njava-client-kubevirt-0.5.0-1.el8ev.src.rpm\nlog4j12-1.2.17-22.el8ev.src.rpm\nm2crypto-0.35.2-5.el8ev.src.rpm\nmakeself-2.4.0-4.el8ev.src.rpm\nnovnc-1.1.0-1.el8ost.src.rpm\nopenstack-java-sdk-3.2.9-1.el8ev.src.rpm\novirt-cockpit-sso-0.1.4-1.el8ev.src.rpm\novirt-engine-4.4.1.8-0.7.el8ev.src.rpm\novirt-engine-api-explorer-0.0.6-1.el8ev.src.rpm\novirt-engine-dwh-4.4.1.2-1.el8ev.src.rpm\novirt-engine-extension-aaa-jdbc-1.2.0-1.el8ev.src.rpm\novirt-engine-extension-aaa-ldap-1.4.0-1.el8ev.src.rpm\novirt-engine-extension-aaa-misc-1.1.0-1.el8ev.src.rpm\novirt-engine-extension-logger-log4j-1.1.0-1.el8ev.src.rpm\novirt-engine-extensions-api-1.0.1-1.el8ev.src.rpm\novirt-engine-metrics-1.4.1.1-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.2.2-1.el8ev.src.rpm\novirt-fast-forward-upgrade-1.1.6-0.el8ev.src.rpm\novirt-log-collector-4.4.2-1.el8ev.src.rpm\novirt-scheduler-proxy-0.1.9-1.el8ev.src.rpm\novirt-web-ui-1.6.3-1.el8ev.src.rpm\npython-aniso8601-0.82-4.el8ost.src.rpm\npython-flask-1.0.2-2.el8ost.src.rpm\npython-flask-restful-0.3.6-8.el8ost.src.rpm\npython-netaddr-0.7.19-8.1.el8ost.src.rpm\npython-notario-0.0.16-2.el8cp.src.rpm\npython-ovsdbapp-0.17.1-0.20191216120142.206cf14.el8ost.src.rpm\npython-pbr-5.1.2-2.el8ost.src.rpm\npython-six-1.12.0-1.el8ost.src.rpm\npython-websocket-client-0.54.0-1.el8ost.src.rpm\npython-werkzeug-0.16.0-1.el8ost.src.rpm\nrhv-log-collector-analyzer-1.0.2-1.el8ev.src.rpm\nrhvm-branding-rhv-4.4.4-1.el8ev.src.rpm\nrhvm-dependencies-4.4.0-1.el8ev.src.rpm\nrhvm-setup-plugins-4.4.2-1.el8ev.src.rpm\nsnmp4j-2.4.1-1.el8ev.src.rpm\nunboundid-ldapsdk-4.0.14-1.el8ev.src.rpm\nvdsm-jsonrpc-java-1.5.4-1.el8ev.src.rpm\nws-commons-util-1.0.2-1.el8ev.src.rpm\nxmlrpc-3.1.3-1.el8ev.src.rpm\n\nnoarch:\nansible-runner-1.4.5-1.el8ar.noarch.rpm\nansible-runner-service-1.0.2-1.el8ev.noarch.rpm\napache-commons-collections4-4.4-1.el8ev.noarch.rpm\napache-commons-collections4-javadoc-4.4-1.el8ev.noarch.rpm\napache-commons-compress-1.18-1.el8ev.noarch.rpm\napache-commons-compress-javadoc-1.18-1.el8ev.noarch.rpm\napache-commons-configuration-1.10-1.el8ev.noarch.rpm\napache-commons-jexl-2.1.1-1.el8ev.noarch.rpm\napache-commons-jexl-javadoc-2.1.1-1.el8ev.noarch.rpm\napache-commons-jxpath-1.3-29.el8ev.noarch.rpm\napache-commons-jxpath-javadoc-1.3-29.el8ev.noarch.rpm\napache-commons-vfs-2.4.1-1.el8ev.noarch.rpm\napache-commons-vfs-ant-2.4.1-1.el8ev.noarch.rpm\napache-commons-vfs-examples-2.4.1-1.el8ev.noarch.rpm\napache-commons-vfs-javadoc-2.4.1-1.el8ev.noarch.rpm\napache-sshd-2.5.1-1.el8ev.noarch.rpm\napache-sshd-javadoc-2.5.1-1.el8ev.noarch.rpm\nebay-cors-filter-1.0.1-4.el8ev.noarch.rpm\ned25519-java-0.3.0-1.el8ev.noarch.rpm\ned25519-java-javadoc-0.3.0-1.el8ev.noarch.rpm\nengine-db-query-1.6.1-1.el8ev.noarch.rpm\njava-client-kubevirt-0.5.0-1.el8ev.noarch.rpm\nlog4j12-1.2.17-22.el8ev.noarch.rpm\nlog4j12-javadoc-1.2.17-22.el8ev.noarch.rpm\nmakeself-2.4.0-4.el8ev.noarch.rpm\nnovnc-1.1.0-1.el8ost.noarch.rpm\nopenstack-java-ceilometer-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-ceilometer-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-cinder-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-cinder-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-glance-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-glance-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-heat-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-heat-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-javadoc-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-keystone-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-keystone-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-nova-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-nova-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-quantum-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-quantum-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-resteasy-connector-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-swift-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-swift-model-3.2.9-1.el8ev.noarch.rpm\novirt-cockpit-sso-0.1.4-1.el8ev.noarch.rpm\novirt-engine-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-api-explorer-0.0.6-1.el8ev.noarch.rpm\novirt-engine-backend-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-dbscripts-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-dwh-4.4.1.2-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.4.1.2-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.4.1.2-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-jdbc-1.2.0-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-1.4.0-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-setup-1.4.0-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-misc-1.1.0-1.el8ev.noarch.rpm\novirt-engine-extension-logger-log4j-1.1.0-1.el8ev.noarch.rpm\novirt-engine-extensions-api-1.0.1-1.el8ev.noarch.rpm\novirt-engine-extensions-api-javadoc-1.0.1-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-metrics-1.4.1.1-1.el8ev.noarch.rpm\novirt-engine-restapi-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-base-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-tools-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-tools-backup-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.2.2-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-fast-forward-upgrade-1.1.6-0.el8ev.noarch.rpm\novirt-log-collector-4.4.2-1.el8ev.noarch.rpm\novirt-scheduler-proxy-0.1.9-1.el8ev.noarch.rpm\novirt-web-ui-1.6.3-1.el8ev.noarch.rpm\npython-flask-doc-1.0.2-2.el8ost.noarch.rpm\npython2-netaddr-0.7.19-8.1.el8ost.noarch.rpm\npython2-pbr-5.1.2-2.el8ost.noarch.rpm\npython2-six-1.12.0-1.el8ost.noarch.rpm\npython3-aniso8601-0.82-4.el8ost.noarch.rpm\npython3-ansible-runner-1.4.5-1.el8ar.noarch.rpm\npython3-flask-1.0.2-2.el8ost.noarch.rpm\npython3-flask-restful-0.3.6-8.el8ost.noarch.rpm\npython3-netaddr-0.7.19-8.1.el8ost.noarch.rpm\npython3-notario-0.0.16-2.el8cp.noarch.rpm\npython3-ovirt-engine-lib-4.4.1.8-0.7.el8ev.noarch.rpm\npython3-ovsdbapp-0.17.1-0.20191216120142.206cf14.el8ost.noarch.rpm\npython3-pbr-5.1.2-2.el8ost.noarch.rpm\npython3-six-1.12.0-1.el8ost.noarch.rpm\npython3-websocket-client-0.54.0-1.el8ost.noarch.rpm\npython3-werkzeug-0.16.0-1.el8ost.noarch.rpm\npython3-werkzeug-doc-0.16.0-1.el8ost.noarch.rpm\nrhv-log-collector-analyzer-1.0.2-1.el8ev.noarch.rpm\nrhvm-4.4.1.8-0.7.el8ev.noarch.rpm\nrhvm-branding-rhv-4.4.4-1.el8ev.noarch.rpm\nrhvm-dependencies-4.4.0-1.el8ev.noarch.rpm\nrhvm-setup-plugins-4.4.2-1.el8ev.noarch.rpm\nsnmp4j-2.4.1-1.el8ev.noarch.rpm\nsnmp4j-javadoc-2.4.1-1.el8ev.noarch.rpm\nunboundid-ldapsdk-4.0.14-1.el8ev.noarch.rpm\nunboundid-ldapsdk-javadoc-4.0.14-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.5.4-1.el8ev.noarch.rpm\nws-commons-util-1.0.2-1.el8ev.noarch.rpm\nws-commons-util-javadoc-1.0.2-1.el8ev.noarch.rpm\nxmlrpc-client-3.1.3-1.el8ev.noarch.rpm\nxmlrpc-common-3.1.3-1.el8ev.noarch.rpm\nxmlrpc-javadoc-3.1.3-1.el8ev.noarch.rpm\nxmlrpc-server-3.1.3-1.el8ev.noarch.rpm\n\nx86_64:\nm2crypto-debugsource-0.35.2-5.el8ev.x86_64.rpm\npython3-m2crypto-0.35.2-5.el8ev.x86_64.rpm\npython3-m2crypto-debuginfo-0.35.2-5.el8ev.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-18635\nhttps://access.redhat.com/security/cve/CVE-2019-8331\nhttps://access.redhat.com/security/cve/CVE-2019-10086\nhttps://access.redhat.com/security/cve/CVE-2019-13990\nhttps://access.redhat.com/security/cve/CVE-2019-17195\nhttps://access.redhat.com/security/cve/CVE-2019-19336\nhttps://access.redhat.com/security/cve/CVE-2020-7598\nhttps://access.redhat.com/security/cve/CVE-2020-10775\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html-single/technical_notes\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXylir9zjgjWX9erEAQii/A//bJm3u0+ul+LdQwttSJJ79OdVqcp3FktP\ntdPj8AFbB6F9KkuX9FAQja0/2pgZAldB3Eyz57GYTxyDD1qeMqYSayGHCH01GWAn\nu8uF90lcSz6YvgEPDh1mWhLYQMfdWT6IUuKOEHldt8TyHbc7dX3xCbsLDzNCxGbl\nQuPSFPQBJaAXETSw42NGzdUzaM9zoQ0Mngj+Owcgw53YyBy3BSLAb5bKuijvkcLy\nSVCAxxiQ89E+cnETKYIv4dOfqXGA5wLg68hDmUQyFcXHA9nQbJM9Q0s1fbZ2Wav1\noGGTqJDTgVElxrHB5pYJ6pu484ZgJealkBCrHA2OBsMJUadwitVvQLXFZF5OyN0N\nf/vtZ1ua4mZADa61qfnlmVRiyISwmPPWIOImA3TIE5Q8Yl5ucCqtDjQPoJAbXsUl\nY22Bb5x7JyrN0nyOgwh6BGGK51CmOaP+xNuWD7osI24pnzdmPTZuJrZLePxgPgac\nWWQNznzvokknva2ofvujAm+DEl+W7W3A8Vs9wkmUWYlaVC7GFLEkcvQjjHahZ7kh\ndVJNoh70vpA+aJCMQHYK6MGtCSAWoqXkRTsHb3Stfm2vLLz6GYxY5OuvB7Z0ME1N\nzCiFjBla5+3nKx5ab8Pola56T1wRULHL6zYN9GTsOzxjdJsKHXBVeV8OYcnoHiza\n2TrKn2dtZwI=\n=92Q3\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSee the following documentation, which will be updated shortly for release\n3.11.219, for important instructions on how to upgrade your cluster and\nfully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update is available via the Red Hat Network. Bugs fixed (https://bugzilla.redhat.com/):\n\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n\n6. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices. Description:\n\nRed Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. \n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent\nattribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of\nscrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt\nUNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new\nJSONObject(map) cause StackOverflowError which may lead to dos\n(CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001\nJBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001\nJBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001\nJBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9\nJBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001\nJBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001\nJBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001\nJBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001\nJBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value\nJBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001\nJBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001\nJBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001\nJBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002\nJBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001\nJBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001\nJBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003\nJBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2\nJBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001\nJBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001\n\n7",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11022"
},
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "158750"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171211"
},
{
"db": "PACKETSTORM",
"id": "170819"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11022",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "162159",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-02",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2020-10",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2020-11",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158750",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157850",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170823",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159852",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160274",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170821",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159275",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159353",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168304",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159513",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158555",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2694",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0620",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0845",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4248",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2775",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1066",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2287",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1916",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3485",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0909",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1961",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0583",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3902",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0585",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2515",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1880",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1863",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1519",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0824",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2375",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0465",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3255",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2966",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5150",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2525",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1804",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3875",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2660",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1925",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1512",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2660.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3028",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1653",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071412",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042543",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072094",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101936",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041931",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042537",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012403",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072292",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022516",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072721",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012754",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042618",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042302",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022060033",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "49766",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157905",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158406",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158282",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-60182",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-097-01",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48898",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "171215",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170819",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171212",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159876",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170817",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163559",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171211",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "158750"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171211"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"id": "VAR-202004-2191",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:10:21.285000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "jQuery Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=117510"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/162159/jquery-1.2-cross-site-scripting.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://github.com/jquery/jquery/security/advisories/ghsa-gxr4-xjj5-5px2"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
},
{
"trust": 1.7,
"url": "https://www.drupal.org/sa-core-2020-002"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2020-10"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-02"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4693"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"trust": 1.7,
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"trust": 1.7,
"url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
},
{
"trust": 1.7,
"url": "https://jquery.com/upgrade-guide/3.5/"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3ccommits.airflow.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3ccommits.airflow.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041931"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159275/red-hat-security-advisory-2020-3807-01.html"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/49766"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48898"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3875/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520510"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158555/gentoo-linux-security-advisory-202007-03.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072292"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-10/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2375/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1066"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5150"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168304/red-hat-security-advisory-2022-6393-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042543"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1804/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1925/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042302"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160274/red-hat-security-advisory-2020-5249-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072721"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022516"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157850/red-hat-security-advisory-2020-2217-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072094"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101936"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158406/red-hat-security-advisory-2020-2412-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2660.3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-affect-ibm-wiotp-messagegateway-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1916"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1519"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170821/red-hat-security-advisory-2023-0552-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0585"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159852/red-hat-security-advisory-2020-4847-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2660/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0583"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-license-key-server-administration-and-reporting-tool-is-impacted-by-multiple-vulnerabilities-in-jquery-bootstrap-and-angularjs/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3255/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3485/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159513/red-hat-security-advisory-2020-4211-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4248/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2287/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2966/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157905/red-hat-security-advisory-2020-2362-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1880/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1653"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2694/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042537"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042618"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0845"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2775/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-affect-ibm-license-metric-tool-v9/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0824"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-package-with-known-vulnerabilities-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1961/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1512"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023-2/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159353/red-hat-security-advisory-2020-3936-01.html"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-60182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-5/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3028/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022060033"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2515"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158750/red-hat-security-advisory-2020-3247-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-in-ibm-security-qradar-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012754"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0465"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-jquery-vulnerabilities-cve-2020-11022-cve-2020-11023/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6490381"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1863/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-fixed-in-mobile-foundation-cve-2020-11023-cve-2020-11022/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071412"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-virtual-appliance/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3902/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2525"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0620"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012403"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3368/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170823/red-hat-security-advisory-2023-0553-01.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-45047"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-46364"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-45693"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-14042"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-14040"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7598"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8331"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1471"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1438"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3916"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25857"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35065"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44906"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0091"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3782"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2764"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2764"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46363"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0264"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1274"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-37603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-35065"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1438"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25857"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1274"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20253"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12243"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35678"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html-single/technical_notes"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7598"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258."
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12049"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4298"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6706"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13822"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8457"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15847"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1563"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19959"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11008"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-47629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1047"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1044"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18214"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3143"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "158750"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171211"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "158750"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171211"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-163559"
},
{
"date": "2021-03-09T16:25:11",
"db": "PACKETSTORM",
"id": "161727"
},
{
"date": "2020-08-04T14:26:33",
"db": "PACKETSTORM",
"id": "158750"
},
{
"date": "2020-05-28T16:07:33",
"db": "PACKETSTORM",
"id": "157850"
},
{
"date": "2020-10-27T16:59:02",
"db": "PACKETSTORM",
"id": "159727"
},
{
"date": "2023-03-02T15:19:44",
"db": "PACKETSTORM",
"id": "171215"
},
{
"date": "2023-03-02T15:19:02",
"db": "PACKETSTORM",
"id": "171211"
},
{
"date": "2023-01-31T17:19:24",
"db": "PACKETSTORM",
"id": "170819"
},
{
"date": "2020-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2429"
},
{
"date": "2020-04-29T22:15:11.903000",
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-163559"
},
{
"date": "2023-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2429"
},
{
"date": "2023-11-07T03:14:27.330000",
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "jQuery Cross-site scripting vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429"
}
],
"trust": 0.7
}
}
var-202012-1550
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. FasterXML Jackson Databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1550",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.4"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.1"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.10.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.3"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.8.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hitachi ops center common services",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014728"
},
{
"db": "NVD",
"id": "CVE-2020-35490"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35490"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1285"
}
],
"trust": 0.8
},
"cve": "CVE-2020-35490",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-35490",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-377686",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-35490",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-35490",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1285",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-377686",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-35490",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377686"
},
{
"db": "VULMON",
"id": "CVE-2020-35490"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014728"
},
{
"db": "NVD",
"id": "CVE-2020-35490"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1285"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. FasterXML Jackson Databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35490"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014728"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-377686"
},
{
"db": "VULMON",
"id": "CVE-2020-35490"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35490",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014728",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1285",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3599",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072757",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-377686",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35490",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377686"
},
{
"db": "VULMON",
"id": "CVE-2020-35490"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014728"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-35490"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1285"
}
]
},
"id": "VAR-202012-1550",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377686"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:47:20.849000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2021-110 Software product security information",
"trust": 0.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2986"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-110"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a"
},
{
"title": "Al1ex",
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-35490"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014728"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377686"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014728"
},
{
"db": "NVD",
"id": "CVE-2020-35490"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
},
{
"trust": 1.8,
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2986"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072757"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3599"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex"
},
{
"trust": 0.1,
"url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-110/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377686"
},
{
"db": "VULMON",
"id": "CVE-2020-35490"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014728"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-35490"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1285"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377686"
},
{
"db": "VULMON",
"id": "CVE-2020-35490"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014728"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-35490"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1285"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-377686"
},
{
"date": "2020-12-17T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35490"
},
{
"date": "2021-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014728"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2020-12-17T19:15:14.417000",
"db": "NVD",
"id": "CVE-2020-35490"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2020-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1285"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-377686"
},
{
"date": "2022-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35490"
},
{
"date": "2021-08-30T01:28:00",
"db": "JVNDB",
"id": "JVNDB-2020-014728"
},
{
"date": "2022-09-08T21:32:11.783000",
"db": "NVD",
"id": "CVE-2020-35490"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1285"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1285"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0Jackson\u00a0Databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014728"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202101-1934
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1934",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications diameter signaling route",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "communications diameter signaling route",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015592"
},
{
"db": "NVD",
"id": "CVE-2020-36188"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36188"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-355"
}
],
"trust": 0.8
},
"cve": "CVE-2020-36188",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-36188",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381455",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-36188",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-36188",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-355",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381455",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-36188",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381455"
},
{
"db": "VULMON",
"id": "CVE-2020-36188"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015592"
},
{
"db": "NVD",
"id": "CVE-2020-36188"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-355"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36188"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015592"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381455"
},
{
"db": "VULMON",
"id": "CVE-2020-36188"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-36188",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015592",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110515",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-355",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-381455",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-36188",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381455"
},
{
"db": "VULMON",
"id": "CVE-2020-36188"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015592"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36188"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-355"
}
]
},
"id": "VAR-202101-1934",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381455"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:50:48.440000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210205-0005",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "Al1ex",
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex "
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/jonathan-elias/poc "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000s/poc-in-github "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-36188"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015592"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381455"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015592"
},
{
"db": "NVD",
"id": "CVE-2020-36188"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"trust": 1.8,
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2996"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6455267"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110515"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381455"
},
{
"db": "VULMON",
"id": "CVE-2020-36188"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015592"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36188"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-355"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381455"
},
{
"db": "VULMON",
"id": "CVE-2020-36188"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015592"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36188"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-355"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-381455"
},
{
"date": "2021-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36188"
},
{
"date": "2021-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015592"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-01-06T23:15:13.233000",
"db": "NVD",
"id": "CVE-2020-36188"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-355"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-381455"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36188"
},
{
"date": "2021-10-06T01:05:00",
"db": "JVNDB",
"id": "JVNDB-2020-015592"
},
{
"date": "2023-09-13T14:57:31.733000",
"db": "NVD",
"id": "CVE-2020-36188"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-355"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-355"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015592"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202101-1935
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1935",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications diameter signaling route",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "communications diameter signaling route",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015591"
},
{
"db": "NVD",
"id": "CVE-2020-36187"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36187"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-331"
}
],
"trust": 0.8
},
"cve": "CVE-2020-36187",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-36187",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381454",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-36187",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-36187",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-331",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381454",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-36187",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381454"
},
{
"db": "VULMON",
"id": "CVE-2020-36187"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015591"
},
{
"db": "NVD",
"id": "CVE-2020-36187"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-331"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36187"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015591"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381454"
},
{
"db": "VULMON",
"id": "CVE-2020-36187"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-36187",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015591",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110515",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-331",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-381454",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-36187",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381454"
},
{
"db": "VULMON",
"id": "CVE-2020-36187"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015591"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36187"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-331"
}
]
},
"id": "VAR-202101-1935",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381454"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:53:32.289000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210205-0005",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138937"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "Al1ex",
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-36187"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015591"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-331"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381454"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015591"
},
{
"db": "NVD",
"id": "CVE-2020-36187"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"trust": 1.8,
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2997"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6455267"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110515"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381454"
},
{
"db": "VULMON",
"id": "CVE-2020-36187"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015591"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36187"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-331"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381454"
},
{
"db": "VULMON",
"id": "CVE-2020-36187"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015591"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36187"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-331"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-381454"
},
{
"date": "2021-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36187"
},
{
"date": "2021-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015591"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-01-06T23:15:13.170000",
"db": "NVD",
"id": "CVE-2020-36187"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-331"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-381454"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36187"
},
{
"date": "2021-10-06T01:05:00",
"db": "JVNDB",
"id": "JVNDB-2020-015591"
},
{
"date": "2023-09-13T14:57:25.667000",
"db": "NVD",
"id": "CVE-2020-36187"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-331"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-331"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015591"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202005-1054
Vulnerability from variot
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. dom4j To XML There is a vulnerability in an external entity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. dom4j is an open source framework for processing XML. A code issue vulnerability exists in dom4j versions prior to 2.0.3 and 2.1.x versions prior to 2.1.3. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update Advisory ID: RHSA-2020:3461-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3461 Issue date: 2020-08-17 CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
-
dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
-
wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
-
wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
-
hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
-
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
-
undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
-
hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
-
wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
-
wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
- Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18793 - GSS Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - GSS Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - GSS Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - GSS Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - GSS Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - GSS Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001
- Package List:
Red Hat JBoss EAP 7.3 for RHEL 6 Server:
Source: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.src.rpm eap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.src.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.src.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.src.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.src.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el6eap.src.rpm
noarch: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.noarch.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-netty-all-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh MpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF QCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5 HN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN JhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB 9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz DE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z sbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg 3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT nruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7 Lvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn Bk4PSTq9yaw= =ZNiG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Summary:
This is a security update for JBoss EAP Continuous Delivery 20.
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-1054",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.10.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "business process management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.4"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.4"
},
{
"model": "utilities framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1.0.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.2.0"
},
{
"model": "flexcube core banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.8.0"
},
{
"model": "dom4j",
"scope": "gte",
"trust": 1.0,
"vendor": "dom4j",
"version": "2.1.0"
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "endeca information discovery integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "snapmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "documaker",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.17.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.6.0"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "dom4j",
"scope": "lt",
"trust": 1.0,
"vendor": "dom4j",
"version": "2.1.3"
},
{
"model": "health sciences empirica signal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "business process management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.9m0p1"
},
{
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.3"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.19.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.4"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "dom4j",
"scope": "lt",
"trust": 1.0,
"vendor": "dom4j",
"version": "2.0.3"
},
{
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.0"
},
{
"model": "oncommand api services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.3"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1.0.0"
},
{
"model": "flexcube core banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.9.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0.0"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.20.1"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "documaker",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1.0.0"
},
{
"model": "utilities framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.6.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "enterprise data quality",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "flexcube core banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.7.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "flexcube core banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.10.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "storagetek tape analytics sw tool",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3"
},
{
"model": "enterprise data quality",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "dom4j",
"scope": "eq",
"trust": 0.8,
"vendor": "dom4j",
"version": "2.1.3"
},
{
"model": "decision manager",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "jboss enterprise application platform",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "jboss enterprise application platform continuous delivery",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "process automation",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "jboss fuse",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "software collections",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "single sign-on",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004997"
},
{
"db": "NVD",
"id": "CVE-2020-10683"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.3",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.17.1",
"versionStartIncluding": "17.1.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.2.20.1",
"versionStartIncluding": "16.1.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.19.0",
"versionStartIncluding": "18.1.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.6.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3.0.6.0",
"versionStartIncluding": "4.3.0.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.10.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:19.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.6.4",
"versionStartIncluding": "12.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10683"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "160562"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "158891"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158881"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1133"
}
],
"trust": 1.2
},
"cve": "CVE-2020-10683",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-004997",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-163186",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10683",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004997",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10683",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-004997",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1133",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-163186",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-10683",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163186"
},
{
"db": "VULMON",
"id": "CVE-2020-10683"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004997"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1133"
},
{
"db": "NVD",
"id": "CVE-2020-10683"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. dom4j To XML There is a vulnerability in an external entity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. dom4j is an open source framework for processing XML. A code issue vulnerability exists in dom4j versions prior to 2.0.3 and 2.1.x versions prior to 2.1.3. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.8.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update\nAdvisory ID: RHSA-2020:3461-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3461\nIssue date: 2020-08-17\nCVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 \n CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 \n CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 \n CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.2 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n(CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser\n(CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to\npermitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM\n(CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n(CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230\n(CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial\nof Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17\nJBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21\nJBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final\nJBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final\nJBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m\nJBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x\nJBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final\nJBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1\nJBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001\nJBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001\nJBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6\nJBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. \nJBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001\nJBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6\nJBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001\nJBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001\nJBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final\nJBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final\nJBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001\n\n7. Package List:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server:\n\nSource:\neap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.src.rpm\neap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.src.rpm\neap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.src.rpm\neap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.src.rpm\neap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.src.rpm\neap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.src.rpm\neap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.src.rpm\neap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el6eap.src.rpm\n\nnoarch:\neap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.noarch.rpm\neap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.noarch.rpm\neap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-netty-all-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.noarch.rpm\neap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm\neap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm\neap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14900\nhttps://access.redhat.com/security/cve/CVE-2020-1710\nhttps://access.redhat.com/security/cve/CVE-2020-1748\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10683\nhttps://access.redhat.com/security/cve/CVE-2020-10687\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10718\nhttps://access.redhat.com/security/cve/CVE-2020-10740\nhttps://access.redhat.com/security/cve/CVE-2020-14297\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh\nMpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF\nQCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5\nHN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN\nJhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB\n9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz\nDE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z\nsbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg\n3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT\nnruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7\nLvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn\nBk4PSTq9yaw=\n=ZNiG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 20. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10683"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004997"
},
{
"db": "VULHUB",
"id": "VHN-163186"
},
{
"db": "VULMON",
"id": "CVE-2020-10683"
},
{
"db": "PACKETSTORM",
"id": "160562"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "158891"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158881"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-163186",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163186"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10683",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "160562",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158891",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159015",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004997",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1133",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159083",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159921",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158916",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159544",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2837",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4464",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2087",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1581",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3781",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3894",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2992",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3742",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3513",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3065",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042542",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072165",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072096",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072747",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47453",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158881",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159080",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158884",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159081",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158889",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159924",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159082",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-33467",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163186",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-10683",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163186"
},
{
"db": "VULMON",
"id": "CVE-2020-10683"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004997"
},
{
"db": "PACKETSTORM",
"id": "160562"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "158891"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158881"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1133"
},
{
"db": "NVD",
"id": "CVE-2020-10683"
}
]
},
"id": "VAR-202005-1054",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163186"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:03:49.580000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAXReader uses system default XMLReader with its defaults. New factory method SAXReader.createDefault() sets more secure defaults.",
"trust": 0.8,
"url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
},
{
"title": "version-2.1.3",
"trust": 0.8,
"url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
},
{
"title": "Bug 1694235",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"title": "dom4j Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=116859"
},
{
"title": "Debian CVElist Bug Report Logs: dom4j: CVE-2020-10683: XML External Entity vulnerability in default SAX parser",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=92018ce9305762cd7f6c51b2cc808332"
},
{
"title": "Red Hat: Moderate: Red Hat Decision Manager 7.9.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204960 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Process Automation Manager 7.9.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204961 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203463 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203461 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203462 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203464 - security advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 20 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203585 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.4.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203501 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203637 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203639 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203642 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203638 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.8.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205568 - security advisory"
},
{
"title": "PHunter",
"trust": 0.1,
"url": "https://github.com/anonymous-phunter/phunter "
},
{
"title": "PHunter",
"trust": 0.1,
"url": "https://github.com/cgcl-codes/phunter "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10683"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004997"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1133"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163186"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004997"
},
{
"db": "NVD",
"id": "CVE-2020-10683"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683"
},
{
"trust": 1.8,
"url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
},
{
"trust": 1.8,
"url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"trust": 1.8,
"url": "https://cheatsheetseries.owasp.org/cheatsheets/xml_external_entity_prevention_cheat_sheet.html"
},
{
"trust": 1.8,
"url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
},
{
"trust": 1.8,
"url": "https://github.com/dom4j/dom4j/issues/87"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4575-1/"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10683"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3cdev.velocity.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3cdev.velocity.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3cnotifications.freemarker.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10683"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3cnotifications.freemarker.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32@%3cdev.velocity.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8@%3cdev.velocity.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-14900"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-10740"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3513/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3781"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160562/red-hat-security-advisory-2020-5568-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072096"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2992/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159544/ubuntu-security-notice-usn-4575-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4464/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2087/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072165"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159921/red-hat-security-advisory-2020-4960-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2837/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47453"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3894/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1581/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletinibm-resilient-soar-is-using-components-with-known-vulnerabilities-dom4j-cve-2020-10683/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042542"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072747"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042642"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2826/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/dom4j-external-xml-entity-injection-via-saxreader-32161"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-dom4j-as-used-by-ibm-qradar-siem-contains-multiple-vulnerabilities-cve-2018-1000632-cve-2020-10683/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3742/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3065/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.4,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14297"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10687"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1710"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10718"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-6950"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14307"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/611.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958055"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11972"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2692"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11972"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11989"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11980"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1393"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000873"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13692"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0210"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13692"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11994"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5398"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13933"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17638"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17638"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2692"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11994"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5568"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3773"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0205"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3585"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xeap-cd\u0026version"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1954"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14371"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1954"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3463"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3464"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163186"
},
{
"db": "VULMON",
"id": "CVE-2020-10683"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004997"
},
{
"db": "PACKETSTORM",
"id": "160562"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "158891"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158881"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1133"
},
{
"db": "NVD",
"id": "CVE-2020-10683"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-163186"
},
{
"db": "VULMON",
"id": "CVE-2020-10683"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004997"
},
{
"db": "PACKETSTORM",
"id": "160562"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "158891"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158881"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1133"
},
{
"db": "NVD",
"id": "CVE-2020-10683"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-01T00:00:00",
"db": "VULHUB",
"id": "VHN-163186"
},
{
"date": "2020-05-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10683"
},
{
"date": "2020-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004997"
},
{
"date": "2020-12-16T18:17:52",
"db": "PACKETSTORM",
"id": "160562"
},
{
"date": "2020-08-17T17:34:41",
"db": "PACKETSTORM",
"id": "158884"
},
{
"date": "2020-08-31T16:22:15",
"db": "PACKETSTORM",
"id": "159015"
},
{
"date": "2020-08-17T17:43:22",
"db": "PACKETSTORM",
"id": "158891"
},
{
"date": "2020-09-07T16:37:51",
"db": "PACKETSTORM",
"id": "159080"
},
{
"date": "2020-08-17T15:35:45",
"db": "PACKETSTORM",
"id": "158881"
},
{
"date": "2020-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1133"
},
{
"date": "2020-05-01T19:15:12.927000",
"db": "NVD",
"id": "CVE-2020-10683"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-163186"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10683"
},
{
"date": "2020-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004997"
},
{
"date": "2023-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1133"
},
{
"date": "2023-11-07T03:14:11.907000",
"db": "NVD",
"id": "CVE-2020-10683"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "160562"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "158891"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158881"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1133"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "dom4j In XML External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004997"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1133"
}
],
"trust": 0.6
}
}
var-202101-1936
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1936",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications diameter signaling route",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "communications diameter signaling route",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015590"
},
{
"db": "NVD",
"id": "CVE-2020-36186"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36186"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-333"
}
],
"trust": 0.8
},
"cve": "CVE-2020-36186",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-36186",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381453",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-36186",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-36186",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-333",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381453",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-36186",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381453"
},
{
"db": "VULMON",
"id": "CVE-2020-36186"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015590"
},
{
"db": "NVD",
"id": "CVE-2020-36186"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-333"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36186"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015590"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381453"
},
{
"db": "VULMON",
"id": "CVE-2020-36186"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-36186",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015590",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110515",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-333",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-381453",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-36186",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381453"
},
{
"db": "VULMON",
"id": "CVE-2020-36186"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015590"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36186"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-333"
}
]
},
"id": "VAR-202101-1936",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381453"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:59:46.665000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210205-0005",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138939"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "Al1ex",
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-36186"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015590"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-333"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381453"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015590"
},
{
"db": "NVD",
"id": "CVE-2020-36186"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"trust": 1.8,
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2997"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6455267"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110515"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381453"
},
{
"db": "VULMON",
"id": "CVE-2020-36186"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015590"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36186"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-333"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381453"
},
{
"db": "VULMON",
"id": "CVE-2020-36186"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015590"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36186"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-333"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-381453"
},
{
"date": "2021-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36186"
},
{
"date": "2021-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015590"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-01-06T23:15:13.123000",
"db": "NVD",
"id": "CVE-2020-36186"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-333"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-381453"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36186"
},
{
"date": "2021-10-06T01:05:00",
"db": "JVNDB",
"id": "JVNDB-2020-015590"
},
{
"date": "2023-09-13T14:57:19.297000",
"db": "NVD",
"id": "CVE-2020-36186"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-333"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-333"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015590"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-201711-0007
Vulnerability from variot
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to denial-of-service vulnerability. Successful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The following versions are affected: OpenSSL version 0.9.8, version 1.0.1, versions 1.0.2 through 1.0.2h, version 1.1.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7 Advisory ID: RHSA-2017:1413-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2017:1413 Issue date: 2017-06-07 CVE Names: CVE-2016-0736 CVE-2016-2161 CVE-2016-6304 CVE-2016-7056 CVE-2016-8610 CVE-2016-8740 CVE-2016-8743 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Core Services on RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)
-
It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. (CVE-2016-0736)
-
It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. (CVE-2016-2161)
-
A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-8610)
-
It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
-
A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2 1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto 1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest 1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects 1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery
- JIRA issues fixed (https://issues.jboss.org/):
JBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7
- Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source: jbcs-httpd24-httpd-2.4.23-120.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.23-120.jbcs.el7.noarch.rpm
ppc64: jbcs-httpd24-httpd-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.ppc64.rpm
x86_64: jbcs-httpd24-httpd-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0736 https://access.redhat.com/security/cve/CVE-2016-2161 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-7056 https://access.redhat.com/security/cve/CVE-2016-8610 https://access.redhat.com/security/cve/CVE-2016-8740 https://access.redhat.com/security/cve/CVE-2016-8743 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en/red-hat-jboss-core-services/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZOEFDXlSAg2UNWIIRAkmJAJ4vtOF2J+v5N45Dg4fckgqFa+L96wCfVBp2 JFT0GtD56HPD72nOXhIXyG8= =7n2G -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The updates are documented in the Release Notes document linked to in the References. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)
- A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
The References section of this erratum contains a download link (you must log in to download the update).
This release includes bug fixes as well as a new release of OpenSSL. The JBoss server process must be restarted for the update to take effect. (CVE-2016-6304)
-
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. (CVE-2016-8610)
-
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. =========================================================================== Ubuntu Security Notice USN-3181-1 January 31, 2017
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177)
It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056)
Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. (CVE-2016-8610)
Robert =C5=9Awi=C4=99cki discovered that OpenSSL incorrectly handled certain truncated packets. (CVE-2017-3731)
It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: libssl1.0.0 1.0.2g-1ubuntu9.1
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.6
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.22
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.39
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 2.4,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 2.4,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.8,
"vendor": "openssl",
"version": "1.1.0"
},
{
"model": "pan-os",
"scope": "gte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "7.1.0"
},
{
"model": "m10-1",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3000"
},
{
"model": "m10-4",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3070"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "m12-2",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2361"
},
{
"model": "m12-2",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3000"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "communications analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "core rdbms",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "m10-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3070"
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.40"
},
{
"model": "communications ip service activator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.4"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "communications ip service activator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cn1610",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "core rdbms",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0.4"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "pan-os",
"scope": "lte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "7.0.15"
},
{
"model": "m12-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2361"
},
{
"model": "oncommand balance",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "m12-1",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3000"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "m12-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3070"
},
{
"model": "m12-2s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2361"
},
{
"model": "m12-2s",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3000"
},
{
"model": "m10-4",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2361"
},
{
"model": "m10-4",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3000"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "timesten in-memory database",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1.4.1.0"
},
{
"model": "host agent",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "m12-2s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3070"
},
{
"model": "service processor",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "m10-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2361"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "core rdbms",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "pan-os",
"scope": "lte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "6.1.17"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "core rdbms",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "ontap select deploy",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "m12-2",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3070"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1.0"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2h"
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "data ontap edge",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "m10-4s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2361"
},
{
"model": "m10-4s",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3000"
},
{
"model": "oncommand unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "m10-4s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3070"
},
{
"model": "snapcenter server",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "storagegrid webscale",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4.0"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "pan-os",
"scope": "lte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "7.1.10"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "core rdbms",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "adaptive access manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.3.0"
},
{
"model": "pan-os",
"scope": "gte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "7.0.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "snapdrive",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.2 to 1.0.2h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.2b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.2a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.2c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.2d"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "jboss web server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "jboss core services on rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "70"
},
{
"model": "jboss core services on rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "60"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.15"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.14"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.13"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.12"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.11"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.10"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.5"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.4"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.1"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.9"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.8"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.7"
},
{
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl 1.0.2h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1u",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "project openssl 0.9.8zh",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8zg",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8zf",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8ze",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8zd",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8zc",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8zb",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8za",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8y",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8u",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "sterling connect:direct for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.4"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.3"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.8.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.6.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.9.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.8.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.7.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.6.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.3"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.10.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0.0"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2.1"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2.0"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.3"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.2"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.0"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.4"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.3"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.2"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.0"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.9"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.6"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.4"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.2"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.10"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.1"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.0"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.9"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.8"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.13"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.12"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.11"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.10"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.0"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.9"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.8"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.16"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.14"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.13"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.12"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.11"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.10"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "pan-os",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.16"
},
{
"model": "project openssl 1.1.0b",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2j",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sterling connect:direct for unix 4.1.0.4.ifix085",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "netezza host management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.9.0"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2.2"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.4"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.5"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.11"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.14"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
}
],
"sources": [
{
"db": "BID",
"id": "93841"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008860"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
},
{
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2h",
"versionStartIncluding": "1.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.40",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:host_agent:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shi Lei from Gear Team, Qihoo 360 Inc.",
"sources": [
{
"db": "BID",
"id": "93841"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8610",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8610",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-97430",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8610",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8610",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-726",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97430",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-8610",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97430"
},
{
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008860"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
},
{
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to denial-of-service vulnerability. \nSuccessful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The following versions are affected: OpenSSL version 0.9.8, version 1.0.1, versions 1.0.2 through 1.0.2h, version 1.1.0. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7\nAdvisory ID: RHSA-2017:1413-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:1413\nIssue date: 2017-06-07\nCVE Names: CVE-2016-0736 CVE-2016-2161 CVE-2016-6304 \n CVE-2016-7056 CVE-2016-8610 CVE-2016-8740 \n CVE-2016-8743 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services on RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes, which are documented in\nthe Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status\nrequest extension data during session renegotiation. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that the mod_session_crypto module of httpd did not use\nany mechanisms to verify integrity of the encrypted session data stored in\nthe user\u0027s browser. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not\nproperly check for memory allocation failures. (CVE-2016-2161)\n\n* A timing attack flaw was found in OpenSSL that could allow a malicious\nuser with local access to recover ECDSA P-256 private keys. \n(CVE-2016-8610)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in conjunction\nwith a proxy or backend server that interpreted those characters\ndifferently, a remote attacker could possibly use this flaw to inject data\ninto HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields\ndirective in mod_http2, affecting servers with HTTP/2 enabled. An attacker\ncould send crafted requests with headers larger than the server\u0027s available\nmemory, causing httpd to crash. (CVE-2016-8740)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. \nUpstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original\nreporter of CVE-2016-6304. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS\n1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2\n1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto\n1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest\n1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects\n1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7\n\n7. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.23-120.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.23-120.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-httpd-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0736\nhttps://access.redhat.com/security/cve/CVE-2016-2161\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-7056\nhttps://access.redhat.com/security/cve/CVE-2016-8610\nhttps://access.redhat.com/security/cve/CVE-2016-8740\nhttps://access.redhat.com/security/cve/CVE-2016-8743\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en/red-hat-jboss-core-services/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZOEFDXlSAg2UNWIIRAkmJAJ4vtOF2J+v5N45Dg4fckgqFa+L96wCfVBp2\nJFT0GtD56HPD72nOXhIXyG8=\n=7n2G\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. The updates are documented in the Release Notes document\nlinked to in the References. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThis release includes bug fixes as well as a new release of OpenSSL. The JBoss server process must be restarted for the update\nto take effect. (CVE-2016-6304)\n\n* It was discovered that OpenSSL did not always use constant time\noperations when computing Digital Signature Algorithm (DSA) signatures. \n(CVE-2016-8610)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. \n===========================================================================\nUbuntu Security Notice USN-3181-1\nJanuary 31, 2017\n\nopenssl vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This\nissue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other\nreleases were fixed in a previous security update. (CVE-2016-2177)\n\nIt was discovered that OpenSSL did not properly handle Montgomery\nmultiplication, resulting in incorrect results leading to transient\nfailures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. (CVE-2016-7056)\n\nShi Lei discovered that OpenSSL incorrectly handled certain warning alerts. (CVE-2016-8610)\n\nRobert =C5=9Awi=C4=99cki discovered that OpenSSL incorrectly handled certain\ntruncated packets. (CVE-2017-3731)\n\nIt was discovered that OpenSSL incorrectly performed the x86_64 Montgomery\nsquaring procedure. This issue only applied to Ubuntu 16.04\nLTS, and Ubuntu 16.10. (CVE-2017-3732)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.10:\n libssl1.0.0 1.0.2g-1ubuntu9.1\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.6\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.22\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.39\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8610"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008860"
},
{
"db": "BID",
"id": "93841"
},
{
"db": "VULHUB",
"id": "VHN-97430"
},
{
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"db": "PACKETSTORM",
"id": "142848"
},
{
"db": "PACKETSTORM",
"id": "143874"
},
{
"db": "PACKETSTORM",
"id": "142847"
},
{
"db": "PACKETSTORM",
"id": "143176"
},
{
"db": "PACKETSTORM",
"id": "143873"
},
{
"db": "PACKETSTORM",
"id": "143181"
},
{
"db": "PACKETSTORM",
"id": "140850"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8610",
"trust": 4.4
},
{
"db": "BID",
"id": "93841",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1037084",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008860",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2173",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "141173",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141752",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-92490",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97430",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-8610",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142848",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143874",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142847",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143176",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143873",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143181",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140850",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97430"
},
{
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"db": "BID",
"id": "93841"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008860"
},
{
"db": "PACKETSTORM",
"id": "142848"
},
{
"db": "PACKETSTORM",
"id": "143874"
},
{
"db": "PACKETSTORM",
"id": "142847"
},
{
"db": "PACKETSTORM",
"id": "143176"
},
{
"db": "PACKETSTORM",
"id": "143873"
},
{
"db": "PACKETSTORM",
"id": "143181"
},
{
"db": "PACKETSTORM",
"id": "140850"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
},
{
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"id": "VAR-201711-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97430"
}
],
"trust": 0.35113123999999996
},
"last_update_date": "2024-07-23T21:57:50.988000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Don\u0027t\u00a0allow\u00a0too\u00a0many\u00a0consecutive\u00a0warning\u00a0alerts Red hat Red\u00a0Hat\u00a0Bugzilla",
"trust": 0.8,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"title": "OpenSSL Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=65089"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170286 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171659 - security advisory"
},
{
"title": "Red Hat: Moderate: gnutls security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170574 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171658 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171414 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171415 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171413 - security advisory"
},
{
"title": "Debian Security Advisories: DSA-3773-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9f660812dd6a423f7e72aa57751d0031"
},
{
"title": "Red Hat: CVE-2016-8610",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-8610"
},
{
"title": "Amazon Linux AMI: ALAS-2017-803",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-803"
},
{
"title": "Ubuntu Security Notice: gnutls26 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3183-2"
},
{
"title": "Ubuntu Security Notice: gnutls26, gnutls28 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3183-1"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3181-1"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171801 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171802 - security advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2017-815",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-815"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=ecbe5f193404d1e9c62e8323118ae6cf"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=04299a624c15ae57f9f110f484bc5f66"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=d78b3379ca364568964f30138964c7e7"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=bf8deceb640f4a0fee008855afe6aa85"
},
{
"title": "CVE-2016-8610-PoC",
"trust": 0.1,
"url": "https://github.com/cujanovic/cve-2016-8610-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008860"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97430"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008860"
},
{
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/93841"
},
{
"trust": 2.1,
"url": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2017:1413"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2017-1415.html"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2017:1658"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2017:2493"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2017:2494"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1037084"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2017/dsa-3773"
},
{
"trust": 1.8,
"url": "https://security.freebsd.org/advisories/freebsd-sa-16:35.openssl.asc"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0286.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0574.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:1414"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:1801"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:1802"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2016-8610"
},
{
"trust": 1.8,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"trust": 1.8,
"url": "https://security.360.cn/cve/cve-2016-8610/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"trust": 1.8,
"url": "https://security.paloaltonetworks.com/cve-2016-8610"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03897en_us"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610"
},
{
"trust": 0.9,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"trust": 0.9,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/87"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2016-8610"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2016-6304"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191553-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2173/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory22.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994867"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996760"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21997209"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-8740"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0736"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8743"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-8743"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2161"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8740"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-7056"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0736"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-2161"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-5664"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-5647"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/3155411"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/2688611"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/solutions/222023"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-2178"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-2177"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03897en_us"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://github.com/cujanovic/cve-2016-8610-poc"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49575"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3183-2/"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.23"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu9.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.22"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.39"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3181-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97430"
},
{
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"db": "BID",
"id": "93841"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008860"
},
{
"db": "PACKETSTORM",
"id": "142848"
},
{
"db": "PACKETSTORM",
"id": "143874"
},
{
"db": "PACKETSTORM",
"id": "142847"
},
{
"db": "PACKETSTORM",
"id": "143176"
},
{
"db": "PACKETSTORM",
"id": "143873"
},
{
"db": "PACKETSTORM",
"id": "143181"
},
{
"db": "PACKETSTORM",
"id": "140850"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
},
{
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97430"
},
{
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"db": "BID",
"id": "93841"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008860"
},
{
"db": "PACKETSTORM",
"id": "142848"
},
{
"db": "PACKETSTORM",
"id": "143874"
},
{
"db": "PACKETSTORM",
"id": "142847"
},
{
"db": "PACKETSTORM",
"id": "143176"
},
{
"db": "PACKETSTORM",
"id": "143873"
},
{
"db": "PACKETSTORM",
"id": "143181"
},
{
"db": "PACKETSTORM",
"id": "140850"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
},
{
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97430"
},
{
"date": "2017-11-13T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"date": "2016-10-24T00:00:00",
"db": "BID",
"id": "93841"
},
{
"date": "2017-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008860"
},
{
"date": "2017-06-07T22:47:57",
"db": "PACKETSTORM",
"id": "142848"
},
{
"date": "2017-08-22T05:29:02",
"db": "PACKETSTORM",
"id": "143874"
},
{
"date": "2017-06-07T22:47:43",
"db": "PACKETSTORM",
"id": "142847"
},
{
"date": "2017-06-28T22:12:00",
"db": "PACKETSTORM",
"id": "143176"
},
{
"date": "2017-08-22T05:28:16",
"db": "PACKETSTORM",
"id": "143873"
},
{
"date": "2017-06-28T22:37:00",
"db": "PACKETSTORM",
"id": "143181"
},
{
"date": "2017-02-01T00:36:45",
"db": "PACKETSTORM",
"id": "140850"
},
{
"date": "2016-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-726"
},
{
"date": "2017-11-13T22:29:00.203000",
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-97430"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"date": "2017-08-22T08:11:00",
"db": "BID",
"id": "93841"
},
{
"date": "2024-02-27T03:18:00",
"db": "JVNDB",
"id": "JVNDB-2016-008860"
},
{
"date": "2023-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-726"
},
{
"date": "2024-01-26T17:44:24.227000",
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "140850"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL\u00a0 Service operation interruption in \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008860"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
}
],
"trust": 0.6
}
}
var-201808-1040
Vulnerability from variot
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Apache Axis is an open source, XML-based Web service architecture of the Apache Software Foundation in the United States. It includes SOAP servers implemented in Java and C++ languages, as well as various public services and APIs to generate and deploy Web services. application. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-1040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "communications asap cartridges",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0.4.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"model": "peoplesoft enterprise human capital management human resources",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "flexcube core banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.8.0"
},
{
"model": "financial services compliance regulatory reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "financial services funds transfer pricing",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1.0.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.1"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5.5.0"
},
{
"model": "real-time decision server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.1.0"
},
{
"model": "tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "communications asap cartridges",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "financial services funds transfer pricing",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.3"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "internet directory",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"model": "big data discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.6"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "flexcube core banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.9.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "agile product lifecycle management framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.3"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.11"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.4.3.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.5"
},
{
"model": "axis",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.0"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "knowledge",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.6.0"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "financial services compliance regulatory reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "siebel ui framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "knowledge",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.6.3"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "internet directory",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "axis",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.4"
},
{
"model": "flexcube core banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.7.0"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "communications order and service management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0.0.0"
},
{
"model": "flexcube core banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.10.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "communications order and service management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "axis",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.4 for up to 1.x"
},
{
"model": "axis",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.2"
},
{
"model": "axis",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.1"
},
{
"model": "axis",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "NVD",
"id": "CVE-2018-8032"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.4",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.5",
"versionStartIncluding": "7.3.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.6.3",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_asap_cartridges:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_asap_cartridges:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8032"
}
]
},
"cve": "CVE-2018-8032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-8032",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-138064",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-8032",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8032",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-082",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138064",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-8032",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138064"
},
{
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "NVD",
"id": "CVE-2018-8032"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Apache Axis is an open source, XML-based Web service architecture of the Apache Software Foundation in the United States. It includes SOAP servers implemented in Java and C++ languages, as well as various public services and APIs to generate and deploy Web services. application. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "VULHUB",
"id": "VHN-138064"
},
{
"db": "VULMON",
"id": "CVE-2018-8032"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8032",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.3781",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3943",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-138064",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-8032",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138064"
},
{
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "NVD",
"id": "CVE-2018-8032"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
]
},
"id": "VAR-201808-1040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138064"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:30:16.987000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AXIS-2924",
"trust": 0.8,
"url": "https://issues.apache.org/jira/browse/axis-2924"
},
{
"title": "[jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
"trust": 0.8,
"url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3cjira.13170716.1531060536000.93536.1531060560060@atlassian.jira%3e"
},
{
"title": "Apache Axis Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=82812"
},
{
"title": "Debian CVElist Bug Report Logs: axis: CVE-2018-8032: cross-site scripting (XSS) attack in the default servlet/services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=468f0b8a0724ba487c205868e0aa4a1a"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-labs/awesome-security "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/poc-in-github "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/poc-in-github "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xt11/cve-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138064"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "NVD",
"id": "CVE-2018-8032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://issues.apache.org/jira/browse/axis-2924"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"
},
{
"trust": 1.0,
"url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3cjira.13170716.1531060536000.93536.1531060560060%40atlassian.jira%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3cjava-dev.axis.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3cjava-dev.axis.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3cjira.13170716.1531060536000.93536.1531060560060@atlassian.jira%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3cjava-dev.axis.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3cjava-dev.axis.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8032"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8032"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1146424"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3781"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-found-in-axis-jar-v1-x-may-affect-ibm-content-collector-for-sap-applications/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3943"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905328"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/nomi-sec/poc-in-github"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138064"
},
{
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "NVD",
"id": "CVE-2018-8032"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-138064"
},
{
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "NVD",
"id": "CVE-2018-8032"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-02T00:00:00",
"db": "VULHUB",
"id": "VHN-138064"
},
{
"date": "2018-08-02T00:00:00",
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"date": "2018-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"date": "2018-08-02T13:29:00.363000",
"db": "NVD",
"id": "CVE-2018-8032"
},
{
"date": "2018-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-138064"
},
{
"date": "2022-07-25T00:00:00",
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"date": "2018-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"date": "2023-11-07T03:01:22.193000",
"db": "NVD",
"id": "CVE-2018-8032"
},
{
"date": "2023-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Axis Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
],
"trust": 0.6
}
}
var-202101-1937
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1937",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "communications diameter signaling route",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "communications diameter signaling route",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "banking virtual account management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "banking extensibility workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.8"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "blockchain platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "banking supply chain finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015589"
},
{
"db": "NVD",
"id": "CVE-2020-36185"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36185"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-337"
}
],
"trust": 0.8
},
"cve": "CVE-2020-36185",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-36185",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381452",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-36185",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-36185",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-337",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381452",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-36185",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381452"
},
{
"db": "VULMON",
"id": "CVE-2020-36185"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015589"
},
{
"db": "NVD",
"id": "CVE-2020-36185"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-337"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36185"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015589"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381452"
},
{
"db": "VULMON",
"id": "CVE-2020-36185"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-36185",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "162493",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015589",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110515",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1397",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-337",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-381452",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-36185",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381452"
},
{
"db": "VULMON",
"id": "CVE-2020-36185"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015589"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36185"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-337"
}
]
},
"id": "VAR-202101-1937",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381452"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:17:27.579000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210205-0005",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138942"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "Al1ex",
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-36185"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015589"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-337"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015589"
},
{
"db": "NVD",
"id": "CVE-2020-36185"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
},
{
"trust": 1.8,
"url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2998"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6455267"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110515"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/al1ex/al1ex"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381452"
},
{
"db": "VULMON",
"id": "CVE-2020-36185"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015589"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36185"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-337"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381452"
},
{
"db": "VULMON",
"id": "CVE-2020-36185"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015589"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162493"
},
{
"db": "NVD",
"id": "CVE-2020-36185"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-337"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-381452"
},
{
"date": "2021-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36185"
},
{
"date": "2021-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015589"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-05-06T15:03:00",
"db": "PACKETSTORM",
"id": "162493"
},
{
"date": "2021-01-06T23:15:13.077000",
"db": "NVD",
"id": "CVE-2020-36185"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-337"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-381452"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36185"
},
{
"date": "2021-10-06T01:05:00",
"db": "JVNDB",
"id": "JVNDB-2020-015589"
},
{
"date": "2023-09-13T14:57:03.383000",
"db": "NVD",
"id": "CVE-2020-36185"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-337"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-337"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015589"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
cve-2017-3311
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-08 20:35
Severity ?
EPSS score ?
Summary
Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Testing Suite accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95584 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1037633 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle | Application Testing Suite |
Version: 12.5.0.3 Version: 12.5.0.2 Version: 12.4.0.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:34.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95584",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95584"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "1037633",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037633"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:04:49.786988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:35:03.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Application Testing Suite",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.5.0.3"
},
{
"status": "affected",
"version": "12.5.0.2"
},
{
"status": "affected",
"version": "12.4.0.2"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Testing Suite accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-25T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95584",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95584"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "1037633",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037633"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Application Testing Suite",
"version": {
"version_data": [
{
"version_value": "12.5.0.3"
},
{
"version_value": "12.5.0.2"
},
{
"version_value": "12.4.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Testing Suite accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95584"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "1037633",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037633"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3311",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-08T20:35:03.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}